5 matches found
CVE-2025-1780
The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bpdeletepage function in all versions up to, and including, 3.4.25. This makes it possible for authenticated...
CVE-2025-1780
The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bpdeletepage function in all versions up to, and including, 3.4.25. This makes it possible for authenticated...
CVE-2025-1780 BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.25 - Cross-Site Request Forgery to Limited Settings Update
The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bpdeletepage function in all versions up to, and including, 3.4.25. This makes it possible for authenticated...
CVE-2025-1780 BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.25 - Cross-Site Request Forgery to Limited Settings Update
The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bpdeletepage function in all versions up to, and including, 3.4.25. This makes it possible for authenticated...
CVE-2025-1780
CVE-2025-1780 : BuddyPress WooCommerce My Account Integration (WordPress plugin) suffers unauthorized access due to a missing capability check in wc4bp_delete_page() across versions up to 3.4.25, enabling authenticated users with Subscriber level and above to update the plugin settings. The vulne...