CVE-2024-43131 WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) plugin < 1.7.0 - Unauthenticated Arbitrary Post/Page Deletion vulnerability

Incorrect Authorization vulnerability in WPWeb Docket WooCommerce Collections / Wishlist / Watchlist allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Docket WooCommerce Collections / Wishlist / Watchlist: from n/a before 1.7.0...

PT-2024-30320

Name of the Vulnerable Software and Affected Versions Docket WooCommerce Collections / Wishlist / Watchlist versions prior to 1.7.0 Description The issue is related to an Incorrect Authorization vulnerability, which allows accessing functionality not properly constrained by Access Control Lists...

WordPress plugin Docket 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) plugin <= 1.6.6 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Docket WooCommerce Collections / Wishlist / Watchlist versions 1.7.0...

WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) plugin <= 1.6.6 - Unauthenticated Arbitrary Post/Page Deletion vulnerability

Unauthenticated Arbitrary Post/Page Deletion vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Docket WooCommerce Collections / Wishlist / Watchlist versions 1.7.0...

WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) Plugin < 1.7.0 is vulnerable to Arbitrary Content Deletion

Software Docket WooCommerce Collections / Wishlist / Watchlist Type Plugin Vulnerable versions 1.7.0 Fixed in 1.7.0 OWASP Top 10 A1: Broken Access Control Classification Arbitrary Content Deletion CVE CVE-2024-43131 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID...

WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) Plugin < 1.7.0 is vulnerable to SQL Injection

Software Docket WooCommerce Collections / Wishlist / Watchlist Type Plugin Vulnerable versions 1.7.0 Fixed in 1.7.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-43132 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 952a5b0e08da Credits Dave Jong...

Docket Cache < 21.08.02 - Reflected Cross-Site Scripting

The plugin does not escape some filter parameters when the OPCache Viewer is enabled before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=docket-cache-opcviewer&idx=opcviewer&s=a&sf="alert/XSS-sf/&sm="alert/XSS-sm/...

Docket Cache < 21.08.02 - Reflected Cross-Site Scripting

The plugin does not escape some filter parameters when the OPCache Viewer is enabled before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues PoC https://example.com/wp-admin/admin.php?page=docket-cache-opcviewer=opcviewer=a="="...

WordPress Docket Cache plugin <= 21.08.01 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress Docket Cache plugin versions = 21.08.01. Solution Update the WordPress Docket Cache plugin to the latest available version at least 21.08.02...