CVE-2024-24799 – WordPress WooCommerce Box Office plugin <= 1.2.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-24799
Missing Authorization vulnerability in WooCommerce WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.2.2. Vulnerabilidad de autorización faltante en WooCommerce WooCommerce Box Office. Este problema afecta a WooCommerce Box Office: desde n/a hasta 1.2.2. The WooCommerce Box Office plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/woocommerce-box-office/wordpress-woocommerce-box-office-plugin-1-2-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-34003 – WordPress WooCommerce Box Office plugin <= 1.1.51 - Unauthenticated Save Ticket Barcode vulnerability
https://notcve.org/view.php?id=CVE-2023-34003
Missing Authorization vulnerability in Woo WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.1.51. Vulnerabilidad de autorización faltante en Woo WooCommerce Box Office. Este problema afecta a WooCommerce Box Office: desde n/a hasta 1.1.51. The WooCommerce Box Office plugin for WordPress is vulnerable to unauthorized access, modification, or loss of data due to a missing capability check on an unknown function in versions up to, and including, 1.1.51. This makes it possible for unauthenticated attackers to save ticket barcodes. • https://patchstack.com/database/vulnerability/woocommerce-box-office/wordpress-woocommerce-box-office-plugin-1-1-51-unauthenticated-save-ticket-barcode-vulnerability?_s_id=cve • CWE-862: Missing Authorization •