9 matches found
CVE-2025-2266
The CVE-2025-2266 entry concerns the WordPress plugin Checkout Mestres do WP for WooCommerce. Affected versions: 8.6.5–8.7.5. Root cause: a missing capability check in cwmpUpdateOptions() that allows unauthenticated modification of options. Impact: attackers can update arbitrary WordPress options...
WordPress plugin Checkout Mestres do WP for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-44030
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Mestres do WP Checkout Mestres WP checkout-mestres-wp allows Absolute Path Traversal.This issue affects Checkout Mestres WP: from n/a through = 8.6...
CVE-2024-44030
CVE-2024-44030: Local File Inclusion (path traversal) in Checkout Mestres WP (Mestres do WP Checkout) plugins allows PHP local file inclusion. Affected: Checkout Mestres WP versions n/a through 8.6. Root cause: Improper limitation of a pathname to a restricted directory. Impact: Confidentiality, ...
CVE-2023-51471
Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Checkout Mestres WP: from n/a through 7.1.9.7...
CVE-2023-51472
Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation.This issue affects Checkout Mestres WP: from n/a through 7.1.9.7...
CVE-2023-51469
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mestres do WP Checkout Mestres WP.This issue affects Checkout Mestres WP: from n/a through 7.1.9.6...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mestres do WP Checkout Mestres WP.This issue affects Checkout Mestres WP: from n/a through 7.1.9.6...
CVE-2023-51469
CVE-2023-51469 is an unauthenticated SQL injection in Checkout Mestres WP (WordPress plugin). The vulnerability arises from Improper Neutralization of Special Elements used in an SQL Command in the Checkout Mestres WP plugin, affecting versions up to 7.1.9.6. Public sources describe a high-severi...