CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-8277 – WooCommerce Photo Reviews Premium <= 1.3.13.2 - Authentication Bypass to Account Takeover and Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-8277
The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to the plugin not properly validating what user transient is being used in the login() function and not properly verifying the user's identity. This makes it possible for unauthenticated attackers to log in as user that has dismissed an admin notice in the past 30 days, which is often an administrator. Alternatively, a user can log in as any user with any transient that has a valid user_id as the value, though it would be more difficult to exploit this successfully. • https://github.com/realbotnet/CVE-2024-8277 https://github.com/PolatBey/CVE-2024-8277 https://codecanyon.net/item/woocommerce-photo-reviews/21245349 https://www.wordfence.com/threat-intel/vulnerabilities/id/a1e2d370-a716-4d6b-8e23-74db2fbd0760?source=cve • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4039 – Orders Tracking for WooCommerce <= 1.2.10 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-4039
The The Orders Tracking for WooCommerce plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.10. This is due to the plugin allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. A partial patch was released in 1.2.10, and a complete patch was released in 1.2.11. El complemento The Orders Tracking for WooCommerce para WordPress para WordPress es vulnerable a la ejecución arbitraria de códigos cortos en todas las versiones hasta la 1.2.10 incluida. • https://plugins.trac.wordpress.org/browser/woo-orders-tracking/trunk/includes/frontend/frontend.php#L55 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3083652%40woo-orders-tracking&new=3083652%40woo-orders-tracking&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/991ab188-869c-4875-80f3-940000a1717b?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50831 – WordPress CURCY Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-50831
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY – Multi Currency for WooCommerce allows Stored XSS.This issue affects CURCY – Multi Currency for WooCommerce: from n/a through 2.2.0. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en VillaTheme CURCY – Multi Currency for WooCommerce permite XSS almacenado. Este problema afecta a CURCY – Multi Currency for WooCommerce: desde n/a hasta 2.2.0. The CURCY – Multi Currency for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied input. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/woo-multi-currency/wordpress-curcy-plugin-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48778 – WordPress Product Size Chart For WooCommerce Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-48778
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product Size Chart For WooCommerce.This issue affects Product Size Chart For WooCommerce: from n/a through 1.1.5. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en VillaTheme Product Size Chart para WooCommerce. Este problema afecta a Product Size Chart para WooCommerce: desde n/a hasta 1.1.5. The Product Size Chart For WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.5. This is due to incorrect nonce validation on the get_save_option function. • https://patchstack.com/database/vulnerability/product-size-chart-for-woo/wordpress-product-size-chart-for-woocommerce-plugin-1-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 2.7EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4216 – Orders Tracking for WooCommerce < 1.2.6 - Admin+ Arbitrary File Access/Read
https://notcve.org/view.php?id=CVE-2023-4216
The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however limited to the first line of the file. El plugin Orders Tracking for WooCommerce de WordPress versiones anteriores a 1.2.6 no valida el archivo_url parameter cuando se importa un archivo CSV, permitiendo a los usuarios de altos privilegios con la capacidad manage_woocommerce a acceder a cualquier archivo en el servidor web a través de un ataque transversal. in embargo, el contenido recuperado se limita a la primera línea del fichero. The Orders Tracking for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 1.2.5 via the 'file_url' parameter when importing CSV files. This allows authenticated attackers, with administrator-level (manage_woocommerce) privileges and above, to read the contents of the first line of arbitrary files on the server, which can contain sensitive information. • https://wpscan.com/vulnerability/8189afc4-17b3-4696-89e1-731011cb9e2b • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •