CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31283 – WordPress Advanced Local Pickup for WooCommerce plugin <=1.6.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31283
05 Apr 2024 — Missing Authorization vulnerability in zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.6.2. Vulnerabilidad de autorización faltante en zorem Advanced Local Pickup for WooCommerce. Este problema afecta a la recogida local avanzada para WooCommerce: desde n/a hasta 1.6.2. The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ~/incl... • https://patchstack.com/database/vulnerability/advanced-local-pickup-for-woocommerce/wordpress-advanced-local-pickup-for-woocommerce-plugin-1-6-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2841 – Advanced Local Pickup for WooCommerce <= 1.5.5 - Authenticated (Administrator+) SQL Injection
https://notcve.org/view.php?id=CVE-2023-2841
21 Oct 2023 — The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in versions up to, and including, 1.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with admin-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. El complement... • https://plugins.trac.wordpress.org/browser/advanced-local-pickup-for-woocommerce/trunk/include/wc-local-pickup-admin.php?rev=2889033#L447 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40702 – WordPress Advanced Local Pickup for WooCommerce Plugin <= 1.5.2 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2022-40702
28 Mar 2023 — Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.5.2. Vulnerabilidad de autorización faltante en Zorem Advanced Local Pickup for WooCommerce. Este problema afecta a Local Pickup for WooCommerce: desde n/a hasta 1.5.2. The Advanced Local Pickup for WooCommerce for WordPress is vulnerable to unauthorized access of AJAX actions due to a missing capability check on the functions wclp_update_state_dropd... • https://patchstack.com/database/vulnerability/advanced-local-pickup-for-woocommerce/wordpress-advanced-local-pickup-for-woocommerce-plugin-1-5-2-broken-access-control?_s_id=cve • CWE-862: Missing Authorization •