CVE-2020-29156 – WooCommerce < 4.7.0 - Insecure Direct Object Reference via order_id Parameter
https://notcve.org/view.php?id=CVE-2020-29156
The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action. • https://github.com/Ko-kn3t/CVE-2020-29156 https://raw.githubusercontent.com/woocommerce/woocommerce/master/changelog.txt • CWE-639: Authorization Bypass Through User-Controlled Key
CVE-2019-9168 – WooCommerce <= 3.5.4 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-9168
WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. • https://woocommerce.wordpress.com/2019/02/20/woocommerce-3-5-5-security-fix-release • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-20782 – WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing
https://notcve.org/view.php?id=CVE-2018-20782
The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages. WordPress WooCommerce plugin with GloBee cryptocurrency payment gateway versions 1.1.1 and below suffer from payment bypass and unauthorized order status spoofing vulnerabilities. • https://www.exploit-db.com/exploits/46414 https://github.com/GloBee-Official/woocommerce-payment-api-plugin/issues/3 https://github.com/GloBee-Official/woocommerce-payment-api-plugin/pull/2 • CWE-20: Improper Input Validation
CVE-2018-20714 – WooCommerce <= 3.4.5 - WooCommerce File Deletion
https://notcve.org/view.php?id=CVE-2018-20714
The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate privileges to admin. • https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-rce • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-17058 – WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal
https://notcve.org/view.php?id=CVE-2017-17058
** DISPUTED ** The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code. • https://www.exploit-db.com/exploits/43196 https://github.com/fu2x2000/CVE-2017-17058-woo_exploit https://github.com/woocommerce/woocommerce/issues/17964 https://www.exploit-db.com/ghdb/4613 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')