CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34370 – WordPress EAN for WooCommerce plugin <= 4.8.9 - Arbitrary Option Update to Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-34370
Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation.This issue affects EAN for WooCommerce: from n/a through 4.8.9. Una vulnerabilidad de gestión de privilegios incorrecta en WPFactory EAN para WooCommerce permite la escalada de privilegios. Este problema afecta a EAN para WooCommerce: desde n/a hasta 4.8.9. The EAN for WooCommerce plugin for WordPress is vulnerable to arbitrary options updates n all versions up to, and including, 4.8.9. This is due to insufficient restrictions on option values that can be supplied. • https://patchstack.com/database/vulnerability/ean-for-woocommerce/wordpress-ean-for-woocommerce-plugin-4-8-9-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33956 – WordPress Custom WooCommerce Checkout Fields Editor plugin <= 1.3.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33956
Missing Authorization vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0. Vulnerabilidad de autorización faltante en ThemeLocation Custom WooCommerce Checkout Fields Editor. Este problema afecta al Editor de campos de pago personalizados de WooCommerce: desde n/a hasta 1.3.0. The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/add-fields-to-checkout-page-woocommerce/wordpress-custom-woocommerce-checkout-fields-editor-plugin-1-3-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33944 – WordPress WooCommerce AWeber Newsletter Subscription plugin <= 4.0.2 - Unauthenticated Access Token Change/Reset vulnerability
https://notcve.org/view.php?id=CVE-2024-33944
Missing Authorization vulnerability in Kestrel WooCommerce AWeber Newsletter Subscription.This issue affects WooCommerce AWeber Newsletter Subscription: from n/a through 4.0.2. Vulnerabilidad de autorización faltante en Kestrel WooCommerce AWeber Newsletter Subscription. Este problema afecta la suscripción al boletín WooCommerce AWeber: desde n/a hasta 4.0.2. The WooCommerce AWeber Newsletter Subscription plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 4.0.2. This makes it possible for unauthenticated attackers to reset and change the plugin's access token. • https://patchstack.com/database/vulnerability/woocommerce-aweber-newsletter-subscription/wordpress-woocommerce-aweber-newsletter-subscription-plugin-4-0-1-unauthenticated-access-token-change-reset-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33949 – WordPress Min and Max Purchase for WooCommerce plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-33949
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vark Min and Max Purchase for WooCommerce allows Stored XSS.This issue affects Min and Max Purchase for WooCommerce: from n/a through 2.0.0. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Vark Min and Max Purchase para WooCommerce permite almacenar XSS. Este problema afecta a Min y Max Purchase para WooCommerce: desde n/a hasta 2.0.0. The Min and Max Purchase for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/min-and-max-purchase-for-woocommerce/wordpress-min-and-max-purchase-for-woocommerce-plugin-2-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33585 – WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 2.12.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33585
Missing Authorization vulnerability in Tyche Softwares Payment Gateway Based Fees and Discounts for WooCommerce.This issue affects Payment Gateway Based Fees and Discounts for WooCommerce: from n/a through 2.12.1. Vulnerabilidad de falta de autorización en Tyche Softwares Payment Gateway Based Fees and Discounts for WooCommerce. Este problema afecta las tarifas y descuentos basados en pasarela de pago para WooCommerce: desde n/a hasta 2.12.1. The Payment Gateway Based Fees and Discounts for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.12.1. This is due to missing or incorrect nonce validation on the dismiss_notice() function. • https://patchstack.com/database/vulnerability/checkout-fees-for-woocommerce/wordpress-payment-gateway-based-fees-and-discounts-for-woocommerce-plugin-2-12-1-broken-access-control-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •