Design/Logic Flaw
The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category...
CVE-2024-0617 Category Discount Woocommerce <= 4.12 - Missing Authorization via wpcd_save_discount()
The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category...
WooCommerce Subscriptions < 5.8.0 - Missing Authorization
Description The plugin is vulnerable to unauthorized access of data or modification of data due to a missing capability check on an unknown low-severity function, making it possible for authenticated attackers, with contributor-level access and above, to make use of that function...
The vulnerability of the sub-component “Outcome-Result” of the component “Oracle Customer Interaction History” in the Oracle E-Business Suite system allows a malicious user to access, modify, add, or delete data.
The vulnerability of the CRM User Management Framework component of the Oracle Customer Interaction History system within the Oracle E-Business Suite relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain access to read, modify, add, or...
The vulnerability of the sub-component “Engineering Change Order” of the “Oracle Application Object Library” component in the Oracle E-Business Suite system allows a malicious actor to gain access to read, modify, add, or delete data.
The vulnerability of the sub-component “Engineering Change Order” of the Oracle Application Object Library in the Oracle E-Business Suite exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modif...
The vulnerability of the Setup sub-component, part of the Admin component in Oracle Knowledge Management, a system for automating business processes within the Oracle E-Business Suite, allows an attacker to gain access to read, modify, add, or delete data.
The vulnerability of the Setup sub-component and the Admin component of Oracle Knowledge Management, a system for automating business processes within the Oracle E-Business Suite, exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating...
GS Pins for Pinterest Lite < 1.8.1 - Missing Authorization via _update_shortcode
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check and a misconfigured nonce check on the _update_shortcode function, allowing authenticated attackers, with subscriber access and above, to update the plugin's shortcodes...
RHCOS 4 : OpenShift Container Platform 4.10.60 (RHSA-2023:3216)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3216 advisory. - cri-o: incorrect handling of the supplementary groups CVE-2022-2995 Note that Nessus has not tested for this issue but has instead relied...
RHCOS 4 : OpenShift Container Platform 4.11.43 (RHSA-2023:3541)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3541 advisory. - cri-o: incorrect handling of the supplementary groups CVE-2022-2995 - flask: Possible disclosure of permanent session cookie due t...
The vulnerability of the sub-component “Engineering Change Order” of the “Oracle Application Object Library” component in the Oracle E-Business Suite system allows a malicious actor to gain access to read, modify, add, or delete data.
The vulnerability of the Login component – SSO in the Oracle Application Object Library exists due to insufficient validation of input data. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain access to read, modify, add, or delete data using the HTTP protocol...
The vulnerability of the Security component of the Oracle Java SE software platform, as well as the Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, allows attackers to gain access to modify, add, or delete data.
The vulnerability of the Security component of Oracle Java SE software, as well as of Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to compromise the...
The vulnerability of the ECC sub-component of the Oracle iStore component in the Oracle E-Business Suite system allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the ECC sub-component of the Oracle iStore component in the Oracle E-Business Suite exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP...
The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow is related to lack of access control. This allows an attacker to gain access and modify the data.
The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow is related to lack of access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to modify the data...
The vulnerability of the Event Management component of the Oracle Enterprise Manager Base Platform allows a malicious actor to gain read, modify, or delete access to data, or to cause a service failure.
The vulnerability of the Event Management component of the Oracle Enterprise Manager Base Platform is related to insufficient validation of input data. Exploiting this vulnerability may allow a malicious actor to gain read, modify, or delete access to data, or cause service interruptions...
The vulnerability of the JavaFX virtual machine Oracle GraalVM Enterprise Edition and the Oracle Java SE software platform allows a perpetrator to gain access to read, modify, or delete data.
The vulnerability of the JavaFX virtual machine Oracle GraalVM Enterprise Edition and the Oracle Java SE software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to read, modify, or delete data...
The vulnerability of the Hotspot component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform allows a perpetrator to gain access to read, modify, or delete data.
The vulnerability of the Hotspot component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read,...
The vulnerability of the Advanced UI component of the Oracle WebCenter Sites application allows a malicious actor to gain access to read, modify, or delete data.
The vulnerability of the Advanced UI component in Oracle WebCenter Sites applications relates to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to gain access to read, modify, or delete data...
The vulnerability of the Infrastructure component of Oracle Financial Services Analytical Applications Infrastructure (OFSAAI) allows an attacker to gain read, modify, or delete access to data, or cause a service failure.
The vulnerability of the Infrastructure component of the Oracle Financial Services Analytical Applications Infrastructure OFSAAI business analytics platform is related to insufficient validation of input data. Exploitation of this vulnerability could allow a malicious actor to gain read, modify, ...
Customer Reviews for WooCommerce < 5.38.2 - Missing Authorization via manual review reminders
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the manualreviewreminder, manualwareviewreminder, and manualreviewreminderconf functions in all versions up to 5.38.2 exclusive. This makes it possible for authenticated attackers, with...
Hardcoded credentials
Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines...