Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:26 a.m.6 views

CVE-2023-4947

The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...

4.3CVSS6.4AI score0.00357EPSS
Exploits0References1
OSV
OSV
added 2024/04/18 11:15 a.m.3 views

CVE-2023-6897

The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'algwceanproductmeta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00375EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/18 1:42 a.m.5 views

WordPress EAN for WooCommerce plugin <= 4.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via alg_wc_ean_product_meta Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via algwceanproductmeta Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin EAN for WooCommerce versions = 4.9.2...

6.4CVSS5.8AI score0.0032EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/10/20 7:15 a.m.5 views

CVE-2023-4947

The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...

4.3CVSS7.3AI score0.00357EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/10/20 6:35 a.m.8 views

CVE-2023-4947 WooCommerce EAN Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) EAN Update

The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...

4.3CVSS6.5AI score0.00357EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/09/14 12:0 a.m.18 views

WordPress WooCommerce EAN Payment Gateway Plugin < 6.1.0 is vulnerable to Broken Access Control

Software WooCommerce EAN Payment Gateway Type Plugin Vulnerable versions 6.1.0 Fixed in 6.1.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4947 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9bfa8f9c4e66 Credits Lana Codes Yan&C...

4.3CVSS6.9AI score0.00357EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder