WooDiscuz – WooCommerce Comments Security Vulnerabilities

Advanced Woo Labels – Product Labels for WooCommerce < 1.94 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Advanced Woo Labels – Product Labels for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WooCommerce Dropshipping <= 5.0.4 - Missing Authorization to Unauthenticated Arbitrary Email Send

Description The WooCommerce Dropshipping Premium plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on a function in all versions up to, and including, 5.0.4. This makes it possible for unauthenticated attackers to send arbitrary...

Extra Product Options for WooCommerce < 3.0.7 - Missing Authorization

Description The Extra Product Options for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the epofw_get_data_based_on_cd and epofw_change_field_basedon_type() functions in versions up to, and including, 3.0.6. This makes it...

Bosa Elementor Addons and Templates for WooCommerce < 1.0.13 - Missing Authorization

Description The Bosa Elementor Addons and Templates for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the start_importer and plugin_requirements functions in versions up to, and including, 1.0.12. This makes it possible for...

Traefik has unexpected behavior with IPv4-mapped IPv6 addresses

Impact There is a vulnerability in Go managing various Is methods (IsPrivate, IsLoopback, etc) for IPv4-mapped IPv6 addresses. They didn't work as expected returning false for addresses which would return true in their traditional IPv4 forms. References CVE-2024-24790 Patches ...

Traefik has unexpected behavior with IPv4-mapped IPv6 addresses

Impact There is a vulnerability in Go managing various Is methods (IsPrivate, IsLoopback, etc) for IPv4-mapped IPv6 addresses. They didn't work as expected returning false for addresses which would return true in their traditional IPv4 forms. References CVE-2024-24790 Patches ...

CVE-2024-34763

Missing Authorization vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through...

CVE-2024-34763

Missing Authorization vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through...

CVE-2023-52224

Missing Authorization vulnerability in Revolut Revolut Gateway for WooCommerce.This issue affects Revolut Gateway for WooCommerce: from n/a through...

CVE-2023-52224

Missing Authorization vulnerability in Revolut Revolut Gateway for WooCommerce.This issue affects Revolut Gateway for WooCommerce: from n/a through...

CVE-2023-52227

Missing Authorization vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through...

CVE-2023-52227

Missing Authorization vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through...

CVE-2024-34763 WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through...

CVE-2024-34763 WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through...

CVE-2023-52227 WordPress MailerLite – WooCommerce integration plugin <= 2.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through...

CVE-2023-52227 WordPress MailerLite – WooCommerce integration plugin <= 2.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through...

CVE-2023-52224 WordPress Revolut Gateway for WooCommerce plugin <= 4.9.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Revolut Revolut Gateway for WooCommerce.This issue affects Revolut Gateway for WooCommerce: from n/a through...

CVE-2024-34819

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through...

CVE-2024-34819

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through...

CVE-2024-34819 WordPress MC Woocommerce Wishlist plugin <= 1.7.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through...

CVE-2024-24703

Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through...

CVE-2024-24703

Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through...

CVE-2023-51498

Missing Authorization vulnerability in Woo WooCommerce Canada Post Shipping.This issue affects WooCommerce Canada Post Shipping: from n/a through...

CVE-2023-51498

Missing Authorization vulnerability in Woo WooCommerce Canada Post Shipping.This issue affects WooCommerce Canada Post Shipping: from n/a through...

CVE-2024-24703 WordPress MultiVendorX plugin <= 4.0.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through...

CVE-2024-24703 WordPress MultiVendorX plugin <= 4.0.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through...

CVE-2023-51498 WordPress WooCommerce Canada Post Shipping plugin <= 2.8.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Canada Post Shipping.This issue affects WooCommerce Canada Post Shipping: from n/a through...

CVE-2023-51498 WordPress WooCommerce Canada Post Shipping plugin <= 2.8.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Canada Post Shipping.This issue affects WooCommerce Canada Post Shipping: from n/a through...

CVE-2024-5189

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output...

CVE-2024-5189

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output...

CVE-2024-5189 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output...

CVE-2024-5189 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output...

CVE-2024-34813

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through...

CVE-2024-34813

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through...

CVE-2023-52179

Missing Authorization vulnerability in WebCodingPlace Product Expiry for WooCommerce.This issue affects Product Expiry for WooCommerce: from n/a through...

CVE-2023-52179

Missing Authorization vulnerability in WebCodingPlace Product Expiry for WooCommerce.This issue affects Product Expiry for WooCommerce: from n/a through...

CVE-2023-52179 WordPress Product Expiry for WooCommerce plugin <= 2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebCodingPlace Product Expiry for WooCommerce.This issue affects Product Expiry for WooCommerce: from n/a through...

CVE-2023-52179 WordPress Product Expiry for WooCommerce plugin <= 2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebCodingPlace Product Expiry for WooCommerce.This issue affects Product Expiry for WooCommerce: from n/a through...

CVE-2024-34813 WordPress WooCommerce Wishlist plugin <= 1.7.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through...

CVE-2024-34813 WordPress WooCommerce Wishlist plugin <= 1.7.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through...

CVE-2023-52186

Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through...

CVE-2023-52217

Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through...

CVE-2023-52217

Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through...

CVE-2023-52186

Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through...

CVE-2023-52217 WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through...

CVE-2023-52217 WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through...

CVE-2023-52186 WordPress WooCommerce Product Vendors plugin <= 2.2.2 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through...

CVE-2023-52186 WordPress WooCommerce Product Vendors plugin <= 2.2.2 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through...

Update 24.1 for Microsoft Dynamics 365 Business Central (on-premises) 2024 Release Wave 1 (Application Build 24.1.19498, Platform Build 24.0.19487)

Update 24.1 for Microsoft Dynamics 365 Business Central (on-premises) 2024 Release Wave 1 (Application Build 24.1.19498, Platform Build 24.0.19487) Overview This update replaces previously released updates. You should always install the latest update. This update also fixes vulnerabilities. For...

Update 23.7 for Microsoft Dynamics 365 Business Central (on-premises) 2023 Release Wave 2 (Application Build 23.7.18957, Platform Build 23.0.18933)

Update 23.7 for Microsoft Dynamics 365 Business Central (on-premises) 2023 Release Wave 2 (Application Build 23.7.18957, Platform Build 23.0.18933) Overview This update replaces previously released updates. You should always install the latest update. This update also fixes vulnerabilities. For...