CVE-2024-30542 – WordPress WholesaleX plugin <= 1.3.2 - Unauthenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-30542
Improper Privilege Management vulnerability in Wholesale WholesaleX allows Privilege Escalation.This issue affects WholesaleX: from n/a through 1.3.2. Una vulnerabilidad de gestión de privilegios incorrecta en Wholesale WholesaleX permite la escalada de privilegios. Este problema afecta a WholesaleX: desde n/a hasta 1.3.2. The WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated attackers to escalate their privileges. • https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-2-unauthenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management •
CVE-2024-30233 – WordPress WholesaleX plugin <= 1.3.1 - Sensitive Data Exposure on User Export vulnerability
https://notcve.org/view.php?id=CVE-2024-30233
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Wholesale Team WholesaleX. Este problema afecta a WholesaleX: desde n/a hasta 1.3.1. The WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the 'export_users'. This makes it possible for authenticated attackers, with access to the admin dashboard (Subscribers, though with WooCommerce installed this would be limited to contributors by default) to extract sensitive data including lists of users. • https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-1-sensitive-data-exposure-on-user-export-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-30234 – WordPress WholesaleX plugin <= 1.3.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-30234
Missing Authorization vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1. Vulnerabilidad de autorización faltante en Wholesale Team WholesaleX. Este problema afecta a WholesaleX: desde n/a hasta 1.3.1. The WholesaleX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wc_install_callback AJAX function in versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to install woocommerce. • https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2024-30224 – WordPress WholesaleX plugin <= 1.3.2 - Unauthenticated PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-30224
Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.2. Vulnerabilidad de deserialización de datos no confiables en Wholesale Team WholesaleX. Este problema afecta a WholesaleX: desde n/a hasta 1.3.2. The WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing) plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. • https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-2-unauthenticated-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •