6 matches found
CVE-2024-0617
The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcdsavediscount function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category...
CVE-2024-0617
creationtimestamp| type| source ---|---|--- 2024-01-25 03:26:53+00:00| seen| https://t.me/ctinow/173246 2024-02-18 07:06:32+00:00| seen| https://t.me/ctinow/187136...
CVE-2024-0617
The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcdsavediscount function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category...
CVE-2024-0617
The CVE-2024-0617 entry concerns the Category Discount Woocommerce plugin for WordPress. A missing capability check in the wpcd_save_discount() function affects all versions up to and including 4.12, enabling unauthenticated attackers to modify product category discounts and potentially cause rev...
WordPress Category Discount Woocommerce Plugin <= 4.12 is vulnerable to Broken Access Control
Software Category Discount Woocommerce Type Plugin Vulnerable versions = 4.12 Fixed in 4.13 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0617 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 26f9aa0c44b8 Credits Krzysztof Zając...
WordPress Category Discount Woocommerce Plugin <= 4.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software Category Discount Woocommerce Type Plugin Vulnerable versions = 4.11 Fixed in 4.12 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0617 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID cff1c97352ca Credits Krzyszto...