CVE-2024-35748 – WordPress WooCommerce Dropshipping plugin <= 5.0.4 - Unauthenticated Arbitrary Email Sending vulnerability
https://notcve.org/view.php?id=CVE-2024-35748
06 Jun 2024 — Missing Authorization vulnerability in OPMC WooCommerce Dropshipping. This issue affects WooCommerce Dropshipping: from n/a through 5.0.4. The WooCommerce Dropshipping Premium plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on a function in all versions up to, and including, 5.0.4. This makes it possible for unauth... • https://patchstack.com/database/vulnerability/woocommerce-dropshipping/wordpress-woocommerce-dropshipping-plugin-5-0-4-unauthenticated-arbitrary-email-sending-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2022-3481 – WooCommerce Dropshipping < 4.4 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2022-3481
17 Oct 2022 — The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection. The WooCommerce Dropshi... • https://wpscan.com/vulnerability/c5e395f8-257e-49eb-afbd-9c1e26045373 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')