CVE-2024-24835 – WordPress BEAR plugin <= 1.1.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-24835
02 Feb 2024 — Missing Authorization vulnerability in realmag777 BEAR. This issue affects BEAR: from n/a through 1.1.4. The BEAR plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the /ext/history/history.php file in versions up to, and including, 1.1.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to pe... • https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-4-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2024-0251 – Advanced Woo Search <= 2.96 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-0251
12 Jan 2024 — The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects sites when the Dynamic Content for Elementor plugin is also installed. ... • https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.94/includes/class-aws-integrations.php#L2170 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-52223 – WordPress MailerLite – WooCommerce integration Plugin <= 2.0.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-52223
08 Jan 2024 — Cross-Site Request Forgery (CSRF) vulnerability in MailerLite MailerLite – WooCommerce integration. This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8. The MailerLite – WooCommerce integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2... • https://patchstack.com/database/vulnerability/woo-mailerlite/wordpress-mailerlite-woocommerce-integration-plugin-2-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-52227 – WordPress MailerLite – WooCommerce integration plugin <= 2.0.8 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-52227
08 Jan 2024 — Missing Authorization vulnerability in MailerLite MailerLite – WooCommerce integration. This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8. The MailerLite – WooCommerce integration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions... • https://patchstack.com/database/vulnerability/woo-mailerlite/wordpress-mailerlite-woocommerce-integration-plugin-2-0-7-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-51486 – WordPress WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <= 1.2.101 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2023-51486
27 Dec 2023 — Cross-Site Request Forgery (CSRF) vulnerability in RedNao WooCommerce PDF Invoice Builder. This issue affects WooCommerce PDF Invoice Builder: from n/a through 1.2.101. The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.101. This is due to missing o... • https://patchstack.com/database/vulnerability/woo-pdf-invoice-builder/wordpress-woocommerce-pdf-invoice-builder-create-invoices-packing-slips-and-more-plugin-1-2-101-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-51512 – WordPress Product Table by WBW plugin <= 1.8.6 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2023-51512
27 Dec 2023 — Cross Site Request Forgery (CSRF) vulnerability in WBW Product Table by WBW. This issue affects Product Table by WBW: from n/a through 1.8.6. The Product Table by WBW plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.6. This is due to missing or incorrect nonce validation on the saveGroup function. • https://patchstack.com/database/vulnerability/woo-product-tables/wordpress-product-table-by-wbw-plugin-1-8-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-51523 – WordPress WooCommerce Easy Duplicate Product plugin <= 0.3.0.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51523
27 Dec 2023 — Missing Authorization vulnerability in WriterSystem WooCommerce Easy Duplicate Product. This issue affects WooCommerce Easy Duplicate Product: from n/a through 0.3.0.7. The WooCommerce Easy Duplicate Product plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wedp_duplicate... • https://patchstack.com/database/vulnerability/woo-easy-duplicate-product/wordpress-woocommerce-easy-duplicate-product-plugin-0-3-0-7-broken-access-control-csrf-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-50877 – WordPress Product Filter by WBW plugin <= 2.5.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-50877
26 Dec 2023 — Missing Authorization vulnerability in woobewoo Product Filter by WBW allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Filter by WBW: from n/a through 2.5.0. The Product Filter by WBW plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getListForTbl() function hooked via AJAX in versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with subscriber-level access and abov... • https://patchstack.com/database/wordpress/plugin/woo-product-filter/vulnerability/wordpress-product-filter-by-wbw-plugin-2-5-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-49848 – WordPress Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy plugin <= 2.1.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-49848
06 Dec 2023 — Missing Authorization vulnerability in wooproductimporter Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through 2.1.1. The Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including,... • https://patchstack.com/database/wordpress/plugin/woo-aliexpress-dropshipping/vulnerability/wordpress-sharkdropship-dropshipping-for-aliexpress-ebay-amazon-etsy-plugin-2-1-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-47694 – WordPress Mini Cart Drawer For WooCommerce plugin <= 4.0.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-47694
09 Nov 2023 — Missing Authorization vulnerability in appsbd Mini Cart Drawer For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mini Cart Drawer For WooCommerce: from n/a through 4.0.0. The Mini Cart Drawer For WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on a few AJAX actions in versions up to, and including, 4.0.0. This makes it possible for authenticated attackers, with subscriber-level access and... • https://patchstack.com/database/wordpress/plugin/woo-mini-cart-drawer/vulnerability/wordpress-mini-cart-drawer-for-woocommerce-plugin-3-3-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •