2 matches found
CVE-2023-6897
The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'algwceanproductmeta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
WordPress EAN for WooCommerce Plugin <= 4.9.2 is vulnerable to Insecure Direct Object References (IDOR)
Software EAN for WooCommerce Type Plugin Vulnerable versions = 4.9.2 Fixed in 4.9.3 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-6897 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7bcaa4f06d9a Credits Francesco...