Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:26 a.m.6 views

CVE-2023-4947

The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...

4.3CVSS6.4AI score0.00357EPSS
Exploits0References1
Circl
Circl
added 2023/10/20 12:41 p.m.6 views

CVE-2023-4947

creationtimestamp| type| source ---|---|--- 2023-10-20 12:41:14+00:00| seen| https://t.me/cibsecurity/72674 2025-02-14 10:05:07+00:00| seen| Telegram/6h2VEdNibEtL-zZniEzsfhc-adMuJfmWe0RdPUcdrdz5Emmq...

4.3CVSS6.1AI score0.00357EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/20 6:35 a.m.8 views

CVE-2023-4947 WooCommerce EAN Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) EAN Update

The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...

4.3CVSS6.5AI score0.00357EPSS
Exploits0References2
CVE
CVE
added 2023/10/20 6:35 a.m.47 views

CVE-2023-4947

The CVE-2023-4947 entry concerns the WooCommerce EAN Payment Gateway plugin for WordPress. A missing capability check on the refresh_order_ean_data AJAX action in versions up to 6.1.0 allows authenticated attackers with contributor-level access or higher to modify EAN numbers on orders. The vulne...

4.3CVSS4.6AI score0.00357EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/09/14 12:0 a.m.18 views

WordPress WooCommerce EAN Payment Gateway Plugin < 6.1.0 is vulnerable to Broken Access Control

Software WooCommerce EAN Payment Gateway Type Plugin Vulnerable versions 6.1.0 Fixed in 6.1.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4947 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9bfa8f9c4e66 Credits Lana Codes Yan&C...

4.3CVSS6.9AI score0.00357EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder