3 matches found
CVE-2024-13694
creationtimestamp| type| source ---|---|--- 2025-01-30 08:23:09+00:00| seen| https://infosec.exchange/users/cve/statuses/113916339058988790 2025-01-30 09:15:33+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgx5ipqogz2c 2025-01-30 10:11:36+00:00| seen|...
CVE-2024-13694 WooCommerce Wishlist <= 1.8.7 - Unauthenticated Wishlist Disclosure via download_pdf_file Function
The WooCommerce Wishlist High customization, fast setup,Free Elementor Wishlist, most features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.7 via the downloadpdffile function due to missing validation on a user controlled key. Th...
CVE-2024-13694
CVE-2024-13694 : The WooCommerce Wishlist plugin for WordPress (versions up to and including 1.8.7) is vulnerable to an insecure direct object reference via the download_pdf_file() function due to missing validation on a user-controlled key. This allows unauthenticated attackers to disclose wishl...