CVE-2023-41240 – WordPress Pricing Deals for WooCommercePricing Deals for WooCommerce plugin <= 2.0.3.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-41240
Missing Authorization vulnerability in Vark Pricing Deals for WooCommerce. This issue affects Pricing Deals for WooCommerce: from n/a through 2.0.3.2. The Pricing Deals for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'vtprd_ajax_clone_rule' function in versions up to, and including, 2.0.3.2. This makes it possible for unauthenticated attackers to clone rules. • https://patchstack.com/database/vulnerability/pricing-deals-for-woocommerce/wordpress-pricing-deals-for-woocommercepricing-deals-for-woocommerce-plugin-2-0-3-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-40326 – Putler Connector for WooCommerce <= 2.12.0 - Missing Authorization via 'send_resync_request'
https://notcve.org/view.php?id=CVE-2023-40326
The Putler Connector for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the send_resync_request() function called via an AJAX action in versions up to, and including, 2.12.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to send a sync request. • CWE-862: Missing Authorization •
CVE-2023-40327 – Putler Connector for WooCommerce <= 2.12.0 - Missing Authorization via 'putler_connector_sync_complete'
https://notcve.org/view.php?id=CVE-2023-40327
The Putler Connector for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the putler_connector_sync_complete() function in versions up to, and including, 2.12.0. This makes it possible for unauthenticated attackers to delete the putler_connector_resync transient value. • CWE-862: Missing Authorization •
CVE-2022-47168 – Printful Integration for WooCommerce <= 2.2.2 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2022-47168
The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.2. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to call the unprotected function via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. • CWE-862: Missing Authorization •
CVE-2023-36506 – YITH WooCommerce Waiting List <= 2.6.0 - Cross-Site Request forgery via 'save_mail_status'
https://notcve.org/view.php?id=CVE-2023-36506
The YITH WooCommerce Waiting List plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.0. This is due to missing or incorrect nonce validation on the 'save_mail_status' function. This makes it possible for unauthenticated attackers to enable or disable email notifications via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. • CWE-862: Missing Authorization •