10 matches found
EUVD-2024-47826
Malicious code in bioql PyPI...
CVE-2024-6799
The YITH Essential Kit for WooCommerce 1 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activatemodule', 'deactivatemodule', and 'installmodule' functions in all versions up to, and including, 2.34.0. This makes it possible for...
CVE-2024-6799
The YITH Essential Kit for WooCommerce 1 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activatemodule', 'deactivatemodule', and 'installmodule' functions in all versions up to, and including, 2.34.0. This makes it possible for...
CVE-2024-6799
The YITH Essential Kit for WooCommerce 1 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activatemodule', 'deactivatemodule', and 'installmodule' functions in all versions up to, and including, 2.34.0. This makes it possible for...
CVE-2024-6799 YITH Essential Kit for WooCommerce #1 <= 2.34.0 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install, Activation, and Deactivation
The YITH Essential Kit for WooCommerce 1 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activatemodule', 'deactivatemodule', and 'installmodule' functions in all versions up to, and including, 2.34.0. This makes it possible for...
CVE-2024-6799
CVE-2024-6799 affects YITH Essential Kit for WooCommerce #1 (WordPress) and, per connected sources, versions up to 2.34.0 are vulnerable due to a missing capability check in activate_module, deactivate_module, and install_module. This allows authenticated users with Subscriber+ privileges to inst...
CVE-2024-6799 YITH Essential Kit for WooCommerce #1 <= 2.34.0 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install, Activation, and Deactivation
The YITH Essential Kit for WooCommerce 1 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activatemodule', 'deactivatemodule', and 'installmodule' functions in all versions up to, and including, 2.34.0. This makes it possible for...
WordPress YITH Essential Kit for WooCommerce #1 plugin <= 2.34.0 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install, Activation, and Deactivation vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Plugin Install, Activation, and Deactivation vulnerability discovered by Lucio Sá in WordPress Plugin YITH Essential Kit for WooCommerce 1 versions = 2.34.0...
PT-2024-37871 · Yith · Yith Essential Kit For Woocommerce
Name of the Vulnerable Software and Affected Versions: YITH Essential Kit for WooCommerce versions up to, and including, 2.34.0 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify data without proper authorization. This is due to a missing...
WordPress YITH Essential Kit for WooCommerce #1 Plugin <= 2.34.0 is vulnerable to Broken Access Control
Software YITH Essential Kit for WooCommerce 1 Type Plugin Vulnerable versions = 2.34.0 Fixed in 2.35.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6799 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f3f670016683 Credits Lucio S...