CVE-2024-31283 – WordPress Advanced Local Pickup for WooCommerce plugin <=1.6.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31283
05 Apr 2024 — Missing Authorization vulnerability in zorem Advanced Local Pickup for WooCommerce. This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.6.2. The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ~/incl... • https://patchstack.com/database/vulnerability/advanced-local-pickup-for-woocommerce/wordpress-advanced-local-pickup-for-woocommerce-plugin-1-6-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-2841 – Advanced Local Pickup for WooCommerce <= 1.5.5 - Authenticated (Administrator+) SQL Injection
https://notcve.org/view.php?id=CVE-2023-2841
21 Oct 2023 — The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in versions up to, and including, 1.5.5 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with admin-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://plugins.trac.wordpress.org/browser/advanced-local-pickup-for-woocommerce/trunk/include/wc-local-pickup-admin.php?rev=2889033#L447 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-40702 – WordPress Advanced Local Pickup for WooCommerce Plugin <= 1.5.2 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2022-40702
28 Mar 2023 — Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce. This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.5.2. The Advanced Local Pickup for WooCommerce for WordPress is vulnerable to unauthorized access of AJAX actions due to a missing capability check on the functions wclp_update_state_dropd... • https://patchstack.com/database/vulnerability/advanced-local-pickup-for-woocommerce/wordpress-advanced-local-pickup-for-woocommerce-plugin-1-5-2-broken-access-control?_s_id=cve • CWE-862: Missing Authorization •
CVE-2022-41635 – WordPress Advanced Shipment Tracking for WooCommerce Plugin <= 3.5.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-41635
28 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Zorem Advanced Shipment Tracking for WooCommerce plugin versions <= 3.5.2. The Advanced Shipment Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.2. This is due to missing or incorrect nonce validation on the paginate_shipping_provider_list and filter_shipping_provider_list functions. This makes it possible for unauthenticated attackers to filter visible shipping providers via a forged request g... • https://patchstack.com/database/vulnerability/woo-advanced-shipment-tracking/wordpress-advanced-shipment-tracking-for-woocommerce-plugin-3-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-38141 – WordPress Sales Report Email for WooCommerce Plugin <= 2.8 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2022-38141
02 Mar 2023 — Missing Authorization vulnerability in Zorem Sales Report Email for WooCommerce. This issue affects Sales Report Email for WooCommerce: from n/a through 2.8. The Sales Report Email for WooCommerce plugin for WordPress is missing a capability and nonce check in several functions in versions up to, and including, 2.8.0. This allows attackers to perform... • https://patchstack.com/database/vulnerability/woo-advanced-sales-report-email/wordpress-sales-report-email-for-woocommerce-plugin-2-8-auth-test-email-submission-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2021-4347 – Advanced Shipment Tracking for WooCommerce <= 3.2.6 - Authenticated WordPress Options Change
https://notcve.org/view.php?id=CVE-2021-4347
26 Jul 2021 — The function update_shipment_status_email_status_fun in the plugin Advanced Shipment Tracking for WooCommerce in versions up to 3.2.6 is vulnerable to authenticated arbitrary options update. The function allows attackers (including those at customer level) to update any WordPress option in the database. Version 3.2.5 was initially released as a fix, but doesn't fully address the issue. • https://blog.nintechnet.com/wordpress-advanced-shipment-tracking-for-woocommerce-fixed-critical-vulnerability • CWE-862: Missing Authorization •