11 matches found
WordPress Buy one click WooCommerce plugin <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Import vulnerability
Missing Authorization to Authenticated Subscriber+ Settings Import vulnerability discovered by incognito in WordPress Plugin Buy one click WooCommerce versions = 2.2.9...
WordPress Buy one click WooCommerce plugin <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Order Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Order Deletion vulnerability discovered by incognito in WordPress Plugin Buy one click WooCommerce versions = 2.2.9...
CVE-2024-10852
The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the buyoneclickexportoptions AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level acce...
CVE-2024-10854
The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buyoneclickimportoptions AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-leve...
CVE-2024-10853
The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeorder AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-10854
CVE-2024-10854 concerns the WordPress plugin Buy one click WooCommerce (<= 2.2.9). The root cause is a missing capability check on the AJAX action buy_one_click_import_options , allowing authenticated users with Subscriber-level access and above to modify/import plugin settings. The vulnerabil...
WordPress plugin Buy one click WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exis...
WordPress plugin Buy one click WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exis...
WordPress plugin Buy one click WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exis...
PT-2024-16591 · WordPress · Buy One Click Woocommerce Plugin
Name of the Vulnerable Software and Affected Versions: Buy one click WooCommerce plugin for WordPress versions up to, and including, 2.2.9 Description: The issue arises from a missing capability check on the buy one click export options AJAX action, allowing authenticated attackers with...
WordPress Buy one click WooCommerce Plugin <= 2.2.9 is vulnerable to Broken Access Control
Software Buy one click WooCommerce Type Plugin Vulnerable versions = 2.2.9 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10852 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a5a826444a0c Credits incognito Required...