8 matches found
PT-2026-28198
Name of the Vulnerable Software and Affected Versions Amelia Booking plugin for WordPress versions up to 9.1.2 Description The Amelia Booking plugin for WordPress is susceptible to Insecure Direct Object References. The plugin allows user-controlled access to objects, potentially enabling a user ...
CVE-2025-14977
Dokan (WordPress Dokan Lite)
CVE-2025-14891
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayName' parameter in all versions up to, and including, 5.93.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
YITH WooCommerce Account Funds Premium < 1.34.0 - Missing Authorization
Description The YITH WooCommerce Account Funds Premium plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.33.0. This makes it possible for authenticated attackers, with customer-level access and above, ...
CVE-2024-2384 WooCommerce POS <= 1.4.11 - Insufficient Verification of Data Authenticity to Authenticated (Customer+) Information Disclosure
The WooCommerce POS plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.4.11. This is due to the plugin not properly verifying the authentication and authorization of the current user This makes it possible for authenticated attackers, with...
WooCommerce POS < 1.4.12 - Insufficient Verification of Data Authenticity to Authenticated (Customer+) Information Disclosure
Description The WooCommerce POS plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.4.11. This is due to the plugin not properly verifying the authentication and authorization of the current user This makes it possible for authenticated attackers,...
CVE-2023-3125 B2BKing <= 4.6.00 - Missing Authorization to Authenticated(Subscriber+) Price Modification
The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'b2bkingsavepriceimport' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions...
PT-2023-12456 · Woocommerce · Advanced Shipment Tracking For Woocommerce
Name of the Vulnerable Software and Affected Versions: Advanced Shipment Tracking for WooCommerce versions up to 3.2.6 Description: The issue concerns the function update shipment status email status fun in the Advanced Shipment Tracking for WooCommerce plugin, which is vulnerable to authenticate...