Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:22 a.m.3 views

CVE-2024-5768

The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mimoupdateprovider' function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS4.9AI score0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/19 3:12 a.m.28 views

CVE-2024-5768 MIMO Woocommerce Order Tracking <= 1.0.2 - Missing Authorization to Authenticated (Contributor+) Stored Cross-Site Scripting

The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mimoupdateprovider' function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS0.00239EPSS
Exploits0References2
CVE
CVE
added 2024/06/19 3:12 a.m.54 views

CVE-2024-5768

CVE-2024-5768 affects MIMO Woocommerce Order Tracking (WordPress). The vulnerability is due to a missing capability check in mimo_update_provider, affecting all versions up to and including 1.0.2. Exploitation requires Subscriber+ authenticated access and can enable unauthorized modification of s...

6.4CVSS6.2AI score0.00239EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/06/18 12:0 a.m.13 views

WordPress MIMO Woocommerce Order Tracking Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software MIMO Woocommerce Order Tracking Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5768 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 17c034ea51f0 Credits Luci...

6.4CVSS5.7AI score0.00239EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder