Lucene search
+L

11 matches found

Patchstack
Patchstack
added 2026/02/03 11:27 a.m.6 views

WordPress Buy one click WooCommerce plugin <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Import vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Import vulnerability discovered by incognito in WordPress Plugin Buy one click WooCommerce versions = 2.2.9...

4.3CVSS5.4AI score0.00367EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/03 11:27 a.m.8 views

WordPress Buy one click WooCommerce plugin <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Order Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Order Deletion vulnerability discovered by incognito in WordPress Plugin Buy one click WooCommerce versions = 2.2.9...

4.3CVSS5.4AI score0.00344EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 8:17 a.m.5 views

CVE-2024-10852

The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the buyoneclickexportoptions AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level acce...

4.3CVSS5.1AI score0.00388EPSS
Exploits0References1
OSV
OSV
added 2024/11/13 2:15 a.m.4 views

CVE-2024-10854

The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buyoneclickimportoptions AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-leve...

4.3CVSS7.3AI score
Exploits0References2
OSV
OSV
added 2024/11/13 2:15 a.m.8 views

CVE-2024-10853

The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeorder AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS7.3AI score0.00344EPSS
Exploits0References2
CVE
CVE
added 2024/11/13 2:2 a.m.72 views

CVE-2024-10854

CVE-2024-10854 concerns the WordPress plugin Buy one click WooCommerce (&lt;= 2.2.9). The root cause is a missing capability check on the AJAX action buy_one_click_import_options , allowing authenticated users with Subscriber-level access and above to modify/import plugin settings. The vulnerabil...

4.3CVSS4.7AI score0.00367EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/11/13 12:0 a.m.5 views

WordPress plugin Buy one click WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exis...

4.3CVSS7.8AI score0.00388EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/13 12:0 a.m.4 views

WordPress plugin Buy one click WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exis...

4.3CVSS7.9AI score0.00367EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/13 12:0 a.m.5 views

WordPress plugin Buy one click WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exis...

4.3CVSS7.8AI score0.00344EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/11/13 12:0 a.m.12 views

PT-2024-16591 · WordPress · Buy One Click Woocommerce Plugin

Name of the Vulnerable Software and Affected Versions: Buy one click WooCommerce plugin for WordPress versions up to, and including, 2.2.9 Description: The issue arises from a missing capability check on the buy one click export options AJAX action, allowing authenticated attackers with...

4.3CVSS9AI score0.00388EPSS
Exploits0References6
Patchstack
Patchstack
added 2024/11/12 12:0 a.m.18 views

WordPress Buy one click WooCommerce Plugin <= 2.2.9 is vulnerable to Broken Access Control

Software Buy one click WooCommerce Type Plugin Vulnerable versions = 2.2.9 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10852 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a5a826444a0c Credits incognito Required...

4.3CVSS6.5AI score0.00388EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder