WordPress Checkout Field Manager (Checkout Manager) for WooCommerce plugin <= 7.8.5 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability discovered by NosleeP++ in WordPress Plugin WooCommerce Checkout Manager versions = 7.8.5...

CVE-2019-11807

The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=updateattachmentwccm wccmdefaultkeysload parameter because of a nopriv registration and a lack of capabilities checks...

EUVD-2019-3474

Malware in sbrugna...

EUVD-2023-51779

Malicious code in bioql PyPI...

CVE-2023-47681 WordPress WooCommerce Checkout Manager plugin <= 7.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in QuadLayers WooCommerce Checkout Manager.This issue affects WooCommerce Checkout Manager: from n/a through 7.3.0...

WordPress plugin WooCommerce Checkout Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress WooCommerce Checkout Manager Plugin <= 7.3.0 is vulnerable to Broken Access Control

Software WooCommerce Checkout Manager Type Plugin Vulnerable versions = 7.3.0 Fixed in 7.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-47681 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID b9559fa71258 Credits Rafie Muhammad...

Design/Logic Flaw

The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=updateattachmentwccm wccmdefaultkeysload parameter because of a nopriv registration and a lack of capabilities checks...

CVE-2019-11807

The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=updateattachmentwccm wccmdefaultkeysload parameter because of a nopriv registration and a lack of capabilities checks...

CVE-2019-11807

The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=updateattachmentwccm wccmdefaultkeysload parameter because of a nopriv registration and a lack of capabilities checks...

CVE-2019-11807

CVE-2019-11807 affects the WordPress plugin “WooCommerce Checkout Manager” (before version 4.3). The vulnerability allows unauthenticated users to delete media via an AJAX endpoint: wp-admin/admin-ajax.php?action=update_attachment_wccm with the wccm_default_keys_load parameter, caused by an insec...

Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension

If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store. A WordPress security company—called "Plugin Vulnerabilities "—that recently gone...