3 matches found
CVE-2024-1492
The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybesendtopacketa function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for orders as lon...
CVE-2024-1492
CVE-2024-1492 (WPify Woo Czech, WordPress). Vulnerability is due to a missing capability check in the maybe_send_to_packeta function; affects WPify Woo Czech plugin versions up to and including 4.0.8. Unauthenticated attackers could obtain shipping details for orders if the order number is known....
WordPress WPify Woo Czech Plugin <= 4.0.8 is vulnerable to Broken Access Control
Software WPify Woo Czech Type Plugin Vulnerable versions = 4.0.8 Fixed in 4.0.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1492 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e2dc6ee494b6 Credits Francesco Carlucci Required...