6 matches found
CVE-2023-4947
The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...
CVE-2023-6897
The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'algwceanproductmeta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
WordPress EAN for WooCommerce plugin <= 4.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via alg_wc_ean_product_meta Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via algwceanproductmeta Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin EAN for WooCommerce versions = 4.9.2...
CVE-2023-4947
The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...
CVE-2023-4947 WooCommerce EAN Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) EAN Update
The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...
WordPress WooCommerce EAN Payment Gateway Plugin < 6.1.0 is vulnerable to Broken Access Control
Software WooCommerce EAN Payment Gateway Type Plugin Vulnerable versions 6.1.0 Fixed in 6.1.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4947 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9bfa8f9c4e66 Credits Lana Codes Yan&C...