3 results (0.013 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Missing Authorization vulnerability in WooCommerce WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.2.2. Vulnerabilidad de autorización faltante en WooCommerce WooCommerce Box Office. Este problema afecta a WooCommerce Box Office: desde n/a hasta 1.2.2. The WooCommerce Box Office plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/woocommerce-box-office/wordpress-woocommerce-box-office-plugin-1-2-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Missing Authorization vulnerability in Woo WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.1.51. Vulnerabilidad de autorización faltante en Woo WooCommerce Box Office. Este problema afecta a WooCommerce Box Office: desde n/a hasta 1.1.51. The WooCommerce Box Office plugin for WordPress is vulnerable to unauthorized access, modification, or loss of data due to a missing capability check on an unknown function in versions up to, and including, 1.1.51. This makes it possible for unauthenticated attackers to save ticket barcodes. • https://patchstack.com/database/vulnerability/woocommerce-box-office/wordpress-woocommerce-box-office-plugin-1-1-51-unauthenticated-save-ticket-barcode-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Box Office plugin <= 1.1.50 versions. Vulnerabilidad de Cross-Site Scripting (XSS) el plugin WooCommerce Box Office de WooCommerce que afecta a versiones 1.1.50 e inferiores. Para explotar esta vulnerabilidad hace falta estar autenticado y tener permisos de colaborador o superior. The WooCommerce Box Office plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.50 due to insufficient input sanitization and output escaping. • https://patchstack.com/database/vulnerability/woocommerce-box-office/wordpress-woocommerce-box-office-plugin-1-1-50-contributor-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •