CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51472 – WordPress Checkout Mestres WP plugin <= 7.1.9.7 - Unauthenticated Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2023-51472
27 Dec 2023 — Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation.This issue affects Checkout Mestres WP: from n/a through 7.1.9.7. Vulnerabilidad de autenticación incorrecta en Mestres do WP Checkout Mestres WP permite la escalada de privilegios. Este problema afecta a Checkout Mestres WP: desde n/a hasta 7.1.9.7. The Checkout Mestres WP plugin for WordPress is vulnerable to authentication due to a weak password reset functionality in all versions up to, and including, ... • https://patchstack.com/database/vulnerability/checkout-mestres-wp/wordpress-checkout-mestres-wp-plugin-7-1-9-6-unauthenticated-account-takeover-vulnerability?_s_id=cve • CWE-287: Improper Authentication CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51469 – WordPress Checkout Mestres WP Plugin <= 7.1.9.6 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-51469
27 Dec 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mestres do WP Checkout Mestres WP.This issue affects Checkout Mestres WP: from n/a through 7.1.9.6. Neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en Mestres do WP Checkout Mestres WP. Este problema afecta a Checkout Mestres WP: desde n/a hasta 7.1.9.6. The Checkout Mestres WP plugin for WordPress is vulnerable to SQL Injection via an unkn... • https://patchstack.com/database/vulnerability/checkout-mestres-wp/wordpress-checkout-mestres-wp-plugin-7-1-9-6-unauthenticated-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51471 – WordPress Checkout Mestres WP plugin <= 7.1.9.7 - Unauthenticated Arbitrary Options Update vulnerability
https://notcve.org/view.php?id=CVE-2023-51471
27 Dec 2023 — Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Checkout Mestres WP: from n/a through 7.1.9.7. Vulnerabilidad de autenticación incorrecta en Mestres do WP Checkout Mestres WP permite acceder a funcionalidades no restringidas adecuadamente por las ACL. Este problema afecta a Checkout Mestres WP: desde n/a hasta 7.1.9.7. The Checkout Mestres WP plugin for WordPress is vulnerable to unauthorized access... • https://patchstack.com/database/vulnerability/checkout-mestres-wp/wordpress-checkout-mestres-wp-plugin-7-1-9-6-unauthenticated-arbitrary-options-update-vulnerability?_s_id=cve • CWE-287: Improper Authentication CWE-862: Missing Authorization •