3 matches found
WordPress Eyewear prescription form plugin <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary WooCommerce Product Creation vulnerability
Missing Authorization to Unauthenticated Arbitrary WooCommerce Product Creation vulnerability discovered by WordFence in WordPress Plugin Eyewear prescription form versions = 6.0.1...
WordPress Ultimate Product Catalog plugin <= 5.0.25 - Arbitrary Product Creation & Settings Update vulnerability
Arbitrary Product Creation & Settings Update vulnerability discovered by Krzysztof Zając in WordPress Ultimate Product Catalog plugin versions = 5.0.25. Solution Update the WordPress Ultimate Product Catalog plugin to the latest available version at least 5.0.26...
Ultimate Product Catalog < 5.0.26 - Subscriber+ Arbitrary Product Creation & Settings Update
The plugin does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated users, such as subscriber to call them and add arbitrary products, or change the plugin's settings for example To add a product: fetch"https://example.com/wp-admin/admin-ajax.php",...