12 matches found
CVE-2024-2025
The "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the getsimplerequest function. This makes it possible for...
EUVD-2025-5903
Malicious code in bioql PyPI...
CVE-2025-1780
The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bpdeletepage function in all versions up to, and including, 3.4.25. This makes it possible for authenticated...
CVE-2024-13358
The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bpdeletepage function in all versions up to, and including, 3.4.24. This makes it possible for authenticated...
CVE-2025-1780
The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bpdeletepage function in all versions up to, and including, 3.4.25. This makes it possible for authenticated...
CVE-2025-1780 BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.25 - Cross-Site Request Forgery to Limited Settings Update
The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bpdeletepage function in all versions up to, and including, 3.4.25. This makes it possible for authenticated...
CVE-2025-1780
CVE-2025-1780 : BuddyPress WooCommerce My Account Integration (WordPress plugin) suffers unauthorized access due to a missing capability check in wc4bp_delete_page() across versions up to 3.4.25, enabling authenticated users with Subscriber level and above to update the plugin settings. The vulne...
CVE-2024-13358 BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.24 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update
The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bpdeletepage function in all versions up to, and including, 3.4.24. This makes it possible for authenticated...
CVE-2024-2025 BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.20 - Authenticated (Subscriber+) PHP Object Injection in get_simple_request
The "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the getsimplerequest function. This makes it possible for...
CVE-2024-2025 BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.20 - Authenticated (Subscriber+) PHP Object Injection in get_simple_request
The "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the getsimplerequest function. This makes it possible for...
PT-2024-18637 · WordPress · Buddypress Woocommerce My Account Integration
Name of the Vulnerable Software and Affected Versions: BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress versions up to, and including, 3.4.20 Description: The issue concerns PHP Object Injection via deserialization of untrusted input in the get...
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages < 3.4.21 - Authenticated (Subscriber+) PHP Object Injection in get_simple_request
Description The "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the getsimplerequest function. This makes it possible...