Lucene search
K

211 matches found

nvd
nvd
added 2023/06/09 6:16 a.m.18 views

CVE-2023-2275

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'getitem', 'getordernotes' and 'addordernote' functions in versions up to, and including, 1.5.3. This makes it possibl...

5.4CVSS4.5AI score0.00466EPSS
Exploits0References5
prion
prion
added 2023/06/09 6:16 a.m.15 views

Design/Logic Flaw

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'getitem', 'getordernotes' and 'addordernote' functions in versions up to, and including, 1.5.3. This makes it possibl...

5.5CVSS5.2AI score0.00466EPSS
Exploits0References5Affected Software1
cve
cve
added 2023/06/09 5:33 a.m.51 views

CVE-2023-2275

The CVE-2023-2275 entry concerns the WooCommerce Multivendor Marketplace – REST API plugin for WordPress. It describes a vulnerability caused by missing capability checks in get_item, get_order_notes, and add_order_note, affecting versions up to 1.5.3. The impact stated across connected sources i...

5.4CVSS5.1AI score0.00466EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2023/06/09 5:33 a.m.25 views

CVE-2023-2275 WooCommerce Multivendor Marketplace – REST API <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order/Order Note Disclosure, Order Note Addition via REST API

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'getitem', 'getordernotes' and 'addordernote' functions in versions up to, and including, 1.5.3. This makes it possibl...

4.3CVSS5.4AI score0.00466EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2023/06/09 5:33 a.m.12 views

CVE-2023-2275 WooCommerce Multivendor Marketplace – REST API <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order/Order Note Disclosure, Order Note Addition via REST API

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'getitem', 'getordernotes' and 'addordernote' functions in versions up to, and including, 1.5.3. This makes it possibl...

4.3CVSS6.7AI score0.00466EPSS
Exploits0References5
cnnvd
cnnvd
added 2023/06/09 12:0 a.m.7 views

WordPress Plugin WooCommerce Multivendor Marketplace – REST API 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

5.4CVSS6.9AI score0.00466EPSS
Exploits0References6
attackerkb
attackerkb
added 2023/05/20 4:15 a.m.3 views

CVE-2023-2276

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization an...

9.8CVSS7.2AI score0.01093EPSS
Exploits0References5
cnnvd
cnnvd
added 2023/05/20 12:0 a.m.6 views

WordPress Plugin WCFM Membership 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin WCFM Membership -...

9.8CVSS8.4AI score0.01093EPSS
Exploits0References5
nvd
nvd
added 2023/05/08 2:15 p.m.22 views

CVE-2022-4118

The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users...

9.8CVSS9.6AI score0.00898EPSS
Exploits2References1
osv
osv
added 2023/05/08 2:15 p.m.4 views

CVE-2022-4118

The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users...

9.8CVSS5.8AI score0.00898EPSS
Exploits2References1
prion
prion
added 2023/05/08 2:15 p.m.21 views

Sql injection

The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users...

7.5CVSS9.6AI score0.00898EPSS
Exploits2References1Affected Software1
cve
cve
added 2023/05/08 1:58 p.m.49 views

CVE-2022-4118

CVE-2022-4118 affects the Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor (WordPress) up to version 1.7.1. The vulnerability is a SQL injection in a parameter used in a SQL statement due to improper sanitization/escaping. This can be exploited by authenticated users. Affected soft...

9.8CVSS9.7AI score0.00898EPSS
Exploits2References1Affected Software1
cvelist
cvelist
added 2023/05/08 1:58 p.m.26 views

CVE-2022-4118 Bitcoin / AltCoin Payment Gateway <= 1.7.1 - Unauthenticated SQLi

The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users...

9.8AI score0.00898EPSS
Exploits2References1
cnnvd
cnnvd
added 2023/05/08 12:0 a.m.8 views

WordPress plugin Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is an application plugin. WordPress plugin Bitcoin / AltCoin...

9.8CVSS8.5AI score0.00898EPSS
Exploits2References2
ptsecurity
ptsecurity
added 2023/05/08 12:0 a.m.6 views

PT-2023-13962 · WordPress · Bitcoin / Altcoin Payment Gateway For Woocommerce & Multivendor Store

Name of the Vulnerable Software and Affected Versions: Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin versions 1.7.1 and earlier Description: The issue is related to a SQL injection problem. It occurs because a parameter is not properly sanitized and...

9.8CVSS9.6AI score0.00898EPSS
Exploits2References5
wpvulndb
wpvulndb
added 2023/04/26 12:0 a.m.19 views

WooCommerce Multivendor Marketplace – REST API < 1.6.0 - Subscriber+ Arbitrary Orders Item And Notes Update

The plugin does not properly implement capability checks on the 'getitem', 'getordernotes', and 'addordernote' functions, leading to potential unauthorized access and addition of those items by authenticated users with subscriber privileges or above...

6.7AI score
Exploits0Affected Software1
nvd
nvd
added 2022/09/05 1:15 p.m.28 views

CVE-2022-2657

The Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as subscriber to call them and suspend vendors reporter by the submitter or update arbitrary order status...

4.3CVSS0.00275EPSS
Exploits2References1
attackerkb
attackerkb
added 2022/09/05 1:15 p.m.2 views

CVE-2022-2657

The Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as subscriber to call them and suspend vendors reporter by the submitter or update arbitrary order status...

4.3CVSS6AI score0.00275EPSS
Exploits2References2
osv
osv
added 2022/09/05 1:15 p.m.5 views

CVE-2022-2657

The Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as subscriber to call them and suspend vendors reporter by the submitter or update arbitrary order status...

4.3CVSS5.9AI score0.00275EPSS
Exploits2References1
cvelist
cvelist
added 2022/09/05 12:35 p.m.33 views

CVE-2022-2657 Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthorised AJAX Calls

The Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as subscriber to call them and suspend vendors reporter by the submitter or update arbitrary order status...

5.2AI score0.00275EPSS
Exploits2References1
Rows per page
Query Builder