CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action accessible to unauthenticated users, which accepts user input that is used in a path and passed to unlink() without prior validation.

The Product Configurator for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including, 1.2.31 due to insufficient file validation and file path validation in the save_image() function, which calls unlink() on a user-supplied file path. This function is invoked via the wp_ajax_nopriv_mkl_pc_generate_config_image AJAX action, which is tied to the generate_config_image() function with no capability checks or nonce validation. This makes the issue exploitable by any unauthenticated user (such as a subscriber), or via a Cross-Site Request Forgery.

References:
• https://wpscan.com/vulnerability/b66d6682-edbc-435f-a73a-dced32a32770

Weakness:
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 | EPSS: 4% | CPEs: 1 | EXPL: 1

The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections.

References:
• https://wpscan.com/vulnerability/fd84dc08-0079-4fcf-81c3-a61d652e3269

Weakness:
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

The WooCommerce WordPress plugin before 6.2.1 does not have a proper authorisation check when deleting reviews, which could allow any authenticated user, such as a subscriber, to delete arbitrary comments.

The WooCommerce plugin for WordPress is vulnerable to authorization bypass due to an insufficient capability check on the /wc/v2/products/ REST API in versions up to, and including, 6.2.0. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to delete, edit, and read arbitrary comments and reviews.

References:
• https://developer.woocommerce.com/2022/02/22/woocommerce-6-2-1-security-fix
• https://plugins.trac.wordpress.org/changeset/2683324
• https://wpscan.com/vulnerability/b76dbf37-a0a2-48cf-bd85-3ebbc2f394dd

Weakness:
• CWE-285: Improper Authorization
• CWE-863: Incorrect Authorization

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue.

References:
• https://wpscan.com/vulnerability/1980c5ca-447d-4875-b542-9212cc7ff77f

Weakness:
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does not have proper access controls in the save_all_order AJAX action, nor validation and escaping when inserting user data into an SQL statement, leading to an SQL injection. This allows any authenticated user, such as a subscriber, to modify arbitrary post content (for example with an XSS payload), as well as exfiltrate any data by copying it to another post.

References:
• https://wpscan.com/vulnerability/3762a77c-b8c9-428f-877c-bbfd7958e7be

Weakness:
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')