5 matches found
CVE-2024-1310
The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. e.g. private, draft and trashed products...
CVE-2024-1310
The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. e.g. private, draft and trashed products...
CVE-2024-1310
CVE-2024-1310 affects WooCommerce for WordPress up to version 8.5.x (fixed in 8.6). The issue is aBroken Access Control: users with at least the contributor role could leak private, draft, or trashed products they should not access. Publicly documented by multiple sources (e.g., Patchstack, Red H...
CVE-2024-1310 WooCommerce < 8.6 - Contributor+ Private/Draft Products Access
The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. e.g. private, draft and trashed products...
CVE-2024-1310 WooCommerce < 8.6 - Contributor+ Private/Draft Products Access
The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. e.g. private, draft and trashed products...