34 matches found
CVE-2023-50850 WordPress Woo Subscriptions plugin < 5.8.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a before 5.8.0...
PT-2024-13977 · Woocommerce · Woocommerce Subscriptions
Name of the Vulnerable Software and Affected Versions: WooCommerce Subscriptions versions prior to 5.8.0 Description: The issue is related to a Missing Authorization vulnerability in Woo WooCommerce Subscriptions, allowing exploitation of incorrectly configured access control security levels...
WordPress plugin WooCommerce Subscriptions 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin... WordPress plugin...
WordPress WooCommerce Subscriptions Plugin < 5.8.0 is vulnerable to Broken Access Control
Software WooCommerce Subscriptions Type Plugin Vulnerable versions 5.8.0 Fixed in 5.8.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-50850 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 18ef9f3672af Credits Rafie Muhammad...
CVE-2023-35914
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2...
PT-2023-25379 · Woocommerce · Woocommerce Subscriptions
Name of the Vulnerable Software and Affected Versions: WooCommerce Woo Subscriptions versions prior to 5.1.3 Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This vulnerability affects WooCommerce Woo Subscriptions, allowing unauthorized...
WooCommerce Subscriptions < 4.6.0 - Subscription Suspension/Activation via CSRF
Description The plugin does not have CSRF check when suspending and activating subscriptions, which could allow attackers to make a logged in admin suspend or activate arbitrary subscription via a CSRF attack PoC Deactivate subscription with ID 53:...
WooCommerce Subscriptions < 4.6.0 - Subscription Suspension/Activation via CSRF
Description The plugin does not have CSRF check when suspending and activating subscriptions, which could allow attackers to make a logged in admin suspend or activate arbitrary subscription via a CSRF attack Deactivate subscription with ID 53:...
WordPress WooCommerce Subscriptions Plugin <= 5.1.2 is vulnerable to Insecure Direct Object References (IDOR)
Software WooCommerce Subscriptions Type Plugin Vulnerable versions = 5.1.2 Fixed in 5.1.3 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-35914 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 00ef3fa8d5b4 Credits...
WordPress WooCommerce Subscriptions Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WooCommerce Subscriptions is a subscription plugin used in it. A cross-site scripting vulnerability exists in WordPress...
WordPress WooCommerce Subscriptions Plugin < 2.6.3 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113732";...
CVE-2019-18834
Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCSAdminPostTypes in class-wcs-admin-post-types.php...
Cross site scripting
Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCSAdminPostTypes in class-wcs-admin-post-types.php...
CVE-2019-18834
CVE-2019-18834 affects the WordPress plugin WooCommerce Subscriptions (pre-2.6.3). The vulnerability is a persistent cross-site scripting (XSS) flaw caused by mishandling of Billing Details in WCS_Admin_Post_Types (class-wcs-admin-post-types.php), allowing remote attackers to execute arbitrary Ja...