Lucene search
K

5 matches found

NVD
NVD
added 2023/06/07 1:15 p.m.26 views

CVE-2021-4337

Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wpajaxsvxajaxfactory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

8.8CVSS8.4AI score0.01285EPSS
Exploits1References3
OSV
OSV
added 2023/06/07 1:15 p.m.4 views

CVE-2021-4337

Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wpajaxsvxajaxfactory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

8.8CVSS5.8AI score0.01285EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/06/07 12:43 p.m.12 views

CVE-2021-4337 Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization

Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wpajaxsvxajaxfactory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

8.8CVSS7.2AI score0.01285EPSS
Exploits1References3
CVE
CVE
added 2023/06/07 12:43 p.m.68 views

CVE-2021-4337

CVE-2021-4337 describes an authorization bypass in Sixteen XforWooCommerce Add-On Plugins for WordPress caused by a missing capability check in the wp_ajax_svx_ajax_factory function. Authenticated users with subscriber-level permissions and above can read, edit, or delete WordPress settings, plug...

8.8CVSS8.2AI score0.01285EPSS
Exploits1References3Affected Software16
Cvelist
Cvelist
added 2023/06/07 12:43 p.m.30 views

CVE-2021-4337 Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization

Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wpajaxsvxajaxfactory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

8.8CVSS8.5AI score0.01285EPSS
Exploits1References3
Rows per page
Query Builder