CVE-2018-20782 – WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing
https://notcve.org/view.php?id=CVE-2018-20782
The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages. The WordPress WooCommerce plugin with the GloBee cryptocurrency payment gateway, versions 1.1.1 and below, suffers from payment bypass and unauthorized order status spoofing vulnerabilities.
• https://www.exploit-db.com/exploits/46414
• https://github.com/GloBee-Official/woocommerce-payment-api-plugin/issues/3
• https://github.com/GloBee-Official/woocommerce-payment-api-plugin/pull/2
• CWE-20: Improper Input Validation
CVE-2018-20714 – WooCommerce <= 3.4.5 - WooCommerce File Deletion
https://notcve.org/view.php?id=CVE-2018-20714
The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate privileges to admin.
• https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-rce
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-17058 – WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal
https://notcve.org/view.php?id=CVE-2017-17058
** DISPUTED ** The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code.
• https://www.exploit-db.com/exploits/43196
• https://github.com/fu2x2000/CVE-2017-17058-woo_exploit
• https://github.com/woocommerce/woocommerce/issues/17964
• https://www.exploit-db.com/ghdb/4613
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-18356 – WooCommerce <= 3.2.3 - Authenticated PHP Object Injection
https://notcve.org/view.php?id=CVE-2017-18356
In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP object injection involving the includes/shortcodes/class-wc-shortcode-products.php WC_Shortcode_Products::get_products() use of cached queries within shortcodes.
• https://blog.ripstech.com/2018/woocommerce-php-object-injection
• https://woocommerce.wordpress.com/2017/11/16/woocommerce-3-2-4-security-fix-release-notes
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2016-10112 – WooCommerce <= 2.6.8 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10112
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format.
• http://www.securityfocus.com/bid/95292
• https://wordpress.org/plugins/woocommerce/changelog
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')