CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32101 – WordPress Email Marketing for WooCommerce plugin <= 1.14.3 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32101
Cross-Site Request Forgery (CSRF) vulnerability in Omnisend Email Marketing for WooCommerce by Omnisend.This issue affects Email Marketing for WooCommerce by Omnisend: from n/a through 1.14.3. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Omnisend Email Marketing para WooCommerce de Omnisend. Este problema afecta al Email Marketing para WooCommerce de Omnisend: desde n/a hasta 1.14.3. The Email Marketing for WooCommerce by Omnisend plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.14.3. This is due to missing or incorrect nonce validation on the 'log_options' action. • https://patchstack.com/database/vulnerability/omnisend-connect/wordpress-email-marketing-for-woocommerce-plugin-1-14-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47244 – WordPress Email Marketing for WooCommerce by Omnisend Plugin <= 1.13.8 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-47244
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Omnisend Email Marketing for WooCommerce by Omnisend.This issue affects Email Marketing for WooCommerce by Omnisend: from n/a through 1.13.8. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Omnisend Email Marketing para WooCommerce de Omnisend. Este problema afecta al Email Marketing para WooCommerce de Omnisend: desde n/a hasta 1.13.8. The Email Marketing for WooCommerce by Omnisend plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the status REST API endpoint. This makes it possible for unauthenticated attackers to extract sensitive user information. • https://patchstack.com/database/vulnerability/omnisend-connect/wordpress-email-marketing-for-woocommerce-by-omnisend-plugin-1-13-7-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •