WooDiscuz – WooCommerce Comments Security Vulnerabilities

CVE-2023-41240

Missing Authorization vulnerability in Vark Pricing Deals for WooCommerce.This issue affects Pricing Deals for WooCommerce: from n/a through...

CVE-2023-41240 WordPress Pricing Deals for WooCommercePricing Deals for WooCommerce plugin <= 2.0.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Vark Pricing Deals for WooCommerce.This issue affects Pricing Deals for WooCommerce: from n/a through...

CVE-2023-41240 WordPress Pricing Deals for WooCommercePricing Deals for WooCommerce plugin <= 2.0.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Vark Pricing Deals for WooCommerce.This issue affects Pricing Deals for WooCommerce: from n/a through...

CVE-2023-51679

Missing Authorization vulnerability in BulkGate BulkGate SMS Plugin for WooCommerce.This issue affects BulkGate SMS Plugin for WooCommerce: from n/a through...

CVE-2023-51679

Missing Authorization vulnerability in BulkGate BulkGate SMS Plugin for WooCommerce.This issue affects BulkGate SMS Plugin for WooCommerce: from n/a through...

CVE-2023-51680

Missing Authorization vulnerability in TechnoVama Quotes for WooCommerce.This issue affects Quotes for WooCommerce: from n/a through...

CVE-2023-51680

Missing Authorization vulnerability in TechnoVama Quotes for WooCommerce.This issue affects Quotes for WooCommerce: from n/a through...

CVE-2023-51679 WordPress BulkGate SMS Plugin for WooCommerce plugin <= 3.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in BulkGate BulkGate SMS Plugin for WooCommerce.This issue affects BulkGate SMS Plugin for WooCommerce: from n/a through...

CVE-2023-51680 WordPress Quotes for WooCommerce plugin <= 2.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in TechnoVama Quotes for WooCommerce.This issue affects Quotes for WooCommerce: from n/a through...

CVE-2023-51680 WordPress Quotes for WooCommerce plugin <= 2.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in TechnoVama Quotes for WooCommerce.This issue affects Quotes for WooCommerce: from n/a through...

CVE-2024-4564

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Shop Slider, Tabs Classic, and Image Comparison widgets in all versions up to, and including, 4.4.1 due to...

CVE-2024-4564

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Shop Slider, Tabs Classic, and Image Comparison widgets in all versions up to, and including, 4.4.1 due to...

CVE-2024-4564 CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Shop Slider, Tabs Classic, and Image Comparison widgets in all versions up to, and including, 4.4.1 due to...

BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages < 3.4.20 - Missing Authorization

Description The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wc4bp_shop_profile_sync_ajax() function in versions up to, and including, 3.4.19. This...

Unbreakable Enterprise kernel security update

[5.15.0-207.156.6] - uek-container: Add advanced routing options (Boris Ostrovsky) [Orabug: 36691279] - slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655468] - slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655468] - Revert...

CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More < 4.5 - Unauthenticated PHP Object Injection

Description The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie....

Advanced Woo Labels – Product Labels for WooCommerce < 1.94 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Advanced Woo Labels – Product Labels for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WooCommerce Dropshipping <= 5.0.4 - Missing Authorization to Unauthenticated Arbitrary Email Send

Description The WooCommerce Dropshipping Premium plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on a function in all versions up to, and including, 5.0.4. This makes it possible for unauthenticated attackers to send arbitrary...

Extra Product Options for WooCommerce < 3.0.7 - Missing Authorization

Description The Extra Product Options for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the epofw_get_data_based_on_cd and epofw_change_field_basedon_type() functions in versions up to, and including, 3.0.6. This makes it...

Bosa Elementor Addons and Templates for WooCommerce < 1.0.13 - Missing Authorization

Description The Bosa Elementor Addons and Templates for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the start_importer and plugin_requirements functions in versions up to, and including, 1.0.12. This makes it possible for...

Traefik has unexpected behavior with IPv4-mapped IPv6 addresses

Impact There is a vulnerability in Go managing various Is methods (IsPrivate, IsLoopback, etc) for IPv4-mapped IPv6 addresses. They didn't work as expected returning false for addresses which would return true in their traditional IPv4 forms. References CVE-2024-24790 Patches ...

Traefik has unexpected behavior with IPv4-mapped IPv6 addresses

Impact There is a vulnerability in Go managing various Is methods (IsPrivate, IsLoopback, etc) for IPv4-mapped IPv6 addresses. They didn't work as expected returning false for addresses which would return true in their traditional IPv4 forms. References CVE-2024-24790 Patches ...

CVE-2024-34763

Missing Authorization vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through...

CVE-2024-34763

Missing Authorization vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through...

CVE-2023-52224

Missing Authorization vulnerability in Revolut Revolut Gateway for WooCommerce.This issue affects Revolut Gateway for WooCommerce: from n/a through...

CVE-2023-52224

Missing Authorization vulnerability in Revolut Revolut Gateway for WooCommerce.This issue affects Revolut Gateway for WooCommerce: from n/a through...

CVE-2023-52227

Missing Authorization vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through...

CVE-2023-52227

Missing Authorization vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through...

CVE-2024-34763 WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through...

CVE-2024-34763 WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through...

CVE-2023-52227 WordPress MailerLite – WooCommerce integration plugin <= 2.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through...

CVE-2023-52227 WordPress MailerLite – WooCommerce integration plugin <= 2.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through...

CVE-2023-52224 WordPress Revolut Gateway for WooCommerce plugin <= 4.9.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Revolut Revolut Gateway for WooCommerce.This issue affects Revolut Gateway for WooCommerce: from n/a through...

CVE-2024-34819

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through...

CVE-2024-34819

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through...

CVE-2024-34819 WordPress MC Woocommerce Wishlist plugin <= 1.7.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through...

CVE-2024-24703

Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through...

CVE-2024-24703

Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through...

CVE-2023-51498

Missing Authorization vulnerability in Woo WooCommerce Canada Post Shipping.This issue affects WooCommerce Canada Post Shipping: from n/a through...

CVE-2023-51498

Missing Authorization vulnerability in Woo WooCommerce Canada Post Shipping.This issue affects WooCommerce Canada Post Shipping: from n/a through...

CVE-2024-24703 WordPress MultiVendorX plugin <= 4.0.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through...

CVE-2024-24703 WordPress MultiVendorX plugin <= 4.0.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through...

CVE-2023-51498 WordPress WooCommerce Canada Post Shipping plugin <= 2.8.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Canada Post Shipping.This issue affects WooCommerce Canada Post Shipping: from n/a through...

CVE-2023-51498 WordPress WooCommerce Canada Post Shipping plugin <= 2.8.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Canada Post Shipping.This issue affects WooCommerce Canada Post Shipping: from n/a through...

CVE-2024-5189

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output...

CVE-2024-5189

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output...

CVE-2024-5189 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output...

CVE-2024-5189 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output...

CVE-2024-34813

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through...

CVE-2024-34813

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through...