5 matches found
CVE-2023-4947
The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...
CVE-2023-4947
creationtimestamp| type| source ---|---|--- 2023-10-20 12:41:14+00:00| seen| https://t.me/cibsecurity/72674 2025-02-14 10:05:07+00:00| seen| Telegram/6h2VEdNibEtL-zZniEzsfhc-adMuJfmWe0RdPUcdrdz5Emmq...
CVE-2023-4947 WooCommerce EAN Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) EAN Update
The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...
CVE-2023-4947
The CVE-2023-4947 entry concerns the WooCommerce EAN Payment Gateway plugin for WordPress. A missing capability check on the refresh_order_ean_data AJAX action in versions up to 6.1.0 allows authenticated attackers with contributor-level access or higher to modify EAN numbers on orders. The vulne...
WordPress WooCommerce EAN Payment Gateway Plugin < 6.1.0 is vulnerable to Broken Access Control
Software WooCommerce EAN Payment Gateway Type Plugin Vulnerable versions 6.1.0 Fixed in 6.1.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4947 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9bfa8f9c4e66 Credits Lana Codes Yan&C...