4 matches found
Information disclosure
The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with...
CVE-2021-4335 Fancy Product Designer <= 4.6.9 - Insufficient Authorization on Multiple AJAX Actions
The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with...
Paid Membership Pro < 2.5.3 - Unauthorised Order Information Disclosure
The pmprogetorderjson AJAX action, available to authenticated users, did not check for authorisation, allowing any authenticated user to retrieve arbitrary order information such as customer names, email addresses, and order numbers via the orderid parameter. PoC...
Information disclosure
member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticated users to read arbitrary order information via a modified OrderNo parameter...