2 matches found
CVE-2023-2275
The CVE-2023-2275 entry concerns the WooCommerce Multivendor Marketplace – REST API plugin for WordPress. It describes a vulnerability caused by missing capability checks in get_item, get_order_notes, and add_order_note, affecting versions up to 1.5.3. The impact stated across connected sources i...
CVE-2023-2275 WooCommerce Multivendor Marketplace – REST API <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order/Order Note Disclosure, Order Note Addition via REST API
The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'getitem', 'getordernotes' and 'addordernote' functions in versions up to, and including, 1.5.3. This makes it possibl...