CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38708 – WordPress Barcode Scanner and Inventory manager plugin <= 1.6.1 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-38708
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows SQL Injection.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.6.1. Vulnerabilidad de neutralización incorrecta de elementos especiales usados en comando SQL ("Inyección SQL") en UkrSolution Barcode Scanner con Inventory & Order Manager permite la inyección SQL. Este problema afecta a Barcode Scanner con Inventory & Order Manager: desde n/a hasta 1.6.1. The Barcode Scanner with Inventory & Order Manager plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-and-inventory-manager-plugin-1-6-1-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34557 – WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.4 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-34557
Cross-Site Request Forgery (CSRF) vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.4. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en UkrSolution Barcode Scanner con Inventory & Order Manager. Este problema afecta a Barcode Scanner con Inventory & Order Manager: desde n/a hasta 1.5.4. The Barcode Scanner with Inventory & Order Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.4. This is due to missing or incorrect nonce validation on the pageSettingsUpdate() function. • https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-5-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34556 – WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.4 - Sensitive Data Exposure via Exported File vulnerability
https://notcve.org/view.php?id=CVE-2024-34556
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.4. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en UkrSolution Barcode Scanner con Inventory & Order Manager. Este problema afecta a Barcode Scanner con Inventory & Order Manager: desde n/a hasta 1.5.4. The Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.4 via exported files. • https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-5-4-sensitive-data-exposure-via-exported-file-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33565 – WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.3 - Unauthenticated Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33565
Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3. Vulnerabilidad de falta de autorización en UkrSolution Barcode Scanner con Inventory & Order Manager. Este problema afecta a Barcode Scanner con Inventory & Order Manager: desde n/a hasta 1.5.3. The Barcode Scanner with Inventory & Order Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-5-3-unauthenticated-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33567 – WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.3 - Unauthenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-33567
Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3. Una vulnerabilidad de gestión de privilegios incorrecta en UkrSolution Barcode Scanner with Inventory & Order Manager permite una escalada de privilegios. Este problema afecta a Barcode Scanner with Inventory & Order Manager: desde n/a hasta 1.5.3. The Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.3. • https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-5-3-unauthenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management •