5 matches found
CVE-2024-13692
The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user...
CVE-2024-13692
creationtimestamp| type| source ---|---|--- 2025-02-14 05:25:19+00:00| seen| https://infosec.exchange/users/cve/statuses/114000574448510025 2025-02-14 06:16:18+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3li4kigpvbe2h 2025-02-14 07:10:01+00:00| seen|...
CVE-2024-13692
The CVE-2024-13692 entry for Return Refund and Exchange For WooCommerce (woo-refund-and-exchange-lite) is confirmed as a real vulnerability. It is an Insecure Direct Object Reference (IDOR) in all versions up to 4.4.5 caused by missing validation on a user-controlled key. This flaw allows unauthe...
CVE-2024-13692 Return Refund and Exchange For WooCommerce <= 4.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference
The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user...
CVE-2024-13692 Return Refund and Exchange For WooCommerce <= 4.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference
The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user...