4 matches found
CVE-2024-11911
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with Subscriber-level acce...
CVE-2024-11911
CVE-2024-11911 concerns the WP Crowdfunding plugin for WordPress. A missing capability check in the install_woocommerce_plugin() action allows authenticated users with Subscriber+ rights to install WooCommerce on all versions up to 2.1.12. Impact is limited since WooCommerce is typically required...
WordPress WP Crowdfunding plugin <= 2.1.12 - Missing Authorization to Authenticated (Subscriber+) WooCommerce Installation vulnerability
Missing Authorization to Authenticated Subscriber+ WooCommerce Installation vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin WP Crowdfunding versions <= 2.1.12...
WooCommerce < 8.6 - Contributor+ Private/Draft Products Access
Description: The plugin does not prevent users with at least the contributor role from leaking products they shouldn't have access to, e.g. private, draft and trashed products. 1. ADMIN: Install WooCommerce 2. ADMIN: Add products of various visibility and statuses including Publish, Draft, Private,...