CVE-2023-35880 – WordPress WooCommerce Brands Plugin <= 1.6.49 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-35880
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions. The WooCommerce Brands plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.49. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
• https://patchstack.com/database/vulnerability/woocommerce-brands/wordpress-woocommerce-brands-plugin-1-6-49-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-35049 – WordPress WooCommerce Stripe Payment Gateway plugin <= 7.4.0 - Unauthenticated Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-35049
Missing Authorization vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.4.0. The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 7.4.0. This makes it possible for unauthenticated attackers to perform an unauthorized action.
• https://patchstack.com/database/vulnerability/woocommerce-gateway-stripe/wordpress-woocommerce-stripe-payment-gateway-plugin-7-4-0-unauthenticated-broken-access-control-vulnerability?_s_id=cve
• CWE-862: Missing Authorization
CVE-2023-34000 – WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.4.0 is vulnerable to Insecure Direct Object References (IDOR)
https://notcve.org/view.php?id=CVE-2023-34000
Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions. The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 7.4.0. This is due to insufficient validation in the payment_fields() and javascript_params() functions that do not properly validate order ownership. This makes it possible for unauthenticated attackers to retrieve potentially sensitive data for orders other than their own.
• https://patchstack.com/articles/unauthenticated-idor-to-pii-disclosure-vulnerability-in-woocommerce-stripe-gateway-plugin?_s_id=cve
• https://patchstack.com/database/vulnerability/woocommerce-gateway-stripe/wordpress-woocommerce-stripe-payment-gateway-plugin-7-4-0-insecure-direct-object-references-idor-vulnerability?_s_id=cve
• CWE-639: Authorization Bypass Through User-Controlled Key
CVE-2023-34376 – Change WooCommerce Add To Cart Button Text <= 1.3 - Missing Authorization via rexvs_settings_submit
https://notcve.org/view.php?id=CVE-2023-34376
The Change WooCommerce Add To Cart Button Text plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rexvs_settings_submit AJAX function in versions up to, and including, 1.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the plugin's settings.
• CWE-862: Missing Authorization
CVE-2023-34003 – WordPress WooCommerce Box Office plugin <= 1.1.51 - Unauthenticated Save Ticket Barcode vulnerability
https://notcve.org/view.php?id=CVE-2023-34003
Missing Authorization vulnerability in Woo WooCommerce Box Office. This issue affects WooCommerce Box Office: from n/a through 1.1.51. The WooCommerce Box Office plugin for WordPress is vulnerable to unauthorized access, modification, or loss of data due to a missing capability check on an unknown function in versions up to, and including, 1.1.51. This makes it possible for unauthenticated attackers to save ticket barcodes.
• https://patchstack.com/database/vulnerability/woocommerce-box-office/wordpress-woocommerce-box-office-plugin-1-1-51-unauthenticated-save-ticket-barcode-vulnerability?_s_id=cve
• CWE-862: Missing Authorization