CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30542 – WordPress WholesaleX plugin <= 1.3.2 - Unauthenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-30542
29 Mar 2024 — Improper Privilege Management vulnerability in Wholesale WholesaleX allows Privilege Escalation.This issue affects WholesaleX: from n/a through 1.3.2. Una vulnerabilidad de gestión de privilegios incorrecta en Wholesale WholesaleX permite la escalada de privilegios. Este problema afecta a WholesaleX: desde n/a hasta 1.3.2. The WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and inc... • https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-2-unauthenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30224 – WordPress WholesaleX plugin <= 1.3.2 - Unauthenticated PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-30224
26 Mar 2024 — Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.2. Vulnerabilidad de deserialización de datos no confiables en Wholesale Team WholesaleX. Este problema afecta a WholesaleX: desde n/a hasta 1.3.2. The WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing) plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.2 via deserialization of untrusted i... • https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-2-unauthenticated-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30233 – WordPress WholesaleX plugin <= 1.3.1 - Sensitive Data Exposure on User Export vulnerability
https://notcve.org/view.php?id=CVE-2024-30233
26 Mar 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Wholesale Team WholesaleX. Este problema afecta a WholesaleX: desde n/a hasta 1.3.1. The WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions u... • https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-1-sensitive-data-exposure-on-user-export-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30234 – WordPress WholesaleX plugin <= 1.3.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-30234
26 Mar 2024 — Missing Authorization vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1. Vulnerabilidad de autorización faltante en Wholesale Team WholesaleX. Este problema afecta a WholesaleX: desde n/a hasta 1.3.1. The WholesaleX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wc_install_callback AJAX function in versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subs... • https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •