Lucene search
K

34 matches found

Vulnrichment
Vulnrichment
added 2024/12/31 12:46 p.m.11 views

CVE-2023-50850 WordPress Woo Subscriptions plugin < 5.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a before 5.8.0...

4.3CVSS6.9AI score0.00359EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/31 12:0 a.m.5 views

PT-2024-13977 · Woocommerce · Woocommerce Subscriptions

Name of the Vulnerable Software and Affected Versions: WooCommerce Subscriptions versions prior to 5.8.0 Description: The issue is related to a Missing Authorization vulnerability in Woo WooCommerce Subscriptions, allowing exploitation of incorrectly configured access control security levels...

4.3CVSS7.2AI score0.00359EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/12/31 12:0 a.m.3 views

WordPress plugin WooCommerce Subscriptions 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin... WordPress plugin...

4.3CVSS8.6AI score0.00359EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/01/17 12:0 a.m.12 views

WordPress WooCommerce Subscriptions Plugin < 5.8.0 is vulnerable to Broken Access Control

Software WooCommerce Subscriptions Type Plugin Vulnerable versions 5.8.0 Fixed in 5.8.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-50850 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 18ef9f3672af Credits Rafie Muhammad...

6.6AI score0.00359EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/12/20 4:15 p.m.4 views

CVE-2023-35914

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2...

7.5CVSS7.3AI score0.00574EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/20 12:0 a.m.5 views

PT-2023-25379 · Woocommerce · Woocommerce Subscriptions

Name of the Vulnerable Software and Affected Versions: WooCommerce Woo Subscriptions versions prior to 5.1.3 Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This vulnerability affects WooCommerce Woo Subscriptions, allowing unauthorized...

7.5CVSS7.7AI score0.00574EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2023/09/11 12:0 a.m.9 views

WooCommerce Subscriptions < 4.6.0 - Subscription Suspension/Activation via CSRF

Description The plugin does not have CSRF check when suspending and activating subscriptions, which could allow attackers to make a logged in admin suspend or activate arbitrary subscription via a CSRF attack PoC Deactivate subscription with ID 53:...

7.1AI score
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2023/09/11 12:0 a.m.148 views

WooCommerce Subscriptions < 4.6.0 - Subscription Suspension/Activation via CSRF

Description The plugin does not have CSRF check when suspending and activating subscriptions, which could allow attackers to make a logged in admin suspend or activate arbitrary subscription via a CSRF attack Deactivate subscription with ID 53:...

7.3AI score
Exploits0References1
Patchstack
Patchstack
added 2023/06/20 12:0 a.m.9 views

WordPress WooCommerce Subscriptions Plugin <= 5.1.2 is vulnerable to Insecure Direct Object References (IDOR)

Software WooCommerce Subscriptions Type Plugin Vulnerable versions = 5.1.2 Fixed in 5.1.3 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-35914 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 00ef3fa8d5b4 Credits...

7.5CVSS6.5AI score0.00574EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2020/08/04 12:0 a.m.3 views

WordPress WooCommerce Subscriptions Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WooCommerce Subscriptions is a subscription plugin used in it. A cross-site scripting vulnerability exists in WordPress...

6.1CVSS6.3AI score0.01628EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2020/07/28 12:0 a.m.10 views

WordPress WooCommerce Subscriptions Plugin < 2.6.3 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113732";...

6.1CVSS6.3AI score0.01628EPSS
Exploits1References1
OSV
OSV
added 2020/07/23 8:15 p.m.5 views

CVE-2019-18834

Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCSAdminPostTypes in class-wcs-admin-post-types.php...

6.1CVSS6AI score0.01628EPSS
Exploits1References3
Prion
Prion
added 2020/07/23 8:15 p.m.13 views

Cross site scripting

Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCSAdminPostTypes in class-wcs-admin-post-types.php...

4.3CVSS6.4AI score0.01628EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2020/07/23 7:42 p.m.51 views

CVE-2019-18834

CVE-2019-18834 affects the WordPress plugin WooCommerce Subscriptions (pre-2.6.3). The vulnerability is a persistent cross-site scripting (XSS) flaw caused by mishandling of Billing Details in WCS_Admin_Post_Types (class-wcs-admin-post-types.php), allowing remote attackers to execute arbitrary Ja...

6.1CVSS6.3AI score0.01628EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder