Design/Logic Flaw

The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybesendtopacketa function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for orders as lon...

WordPress Plugin WPify Woo Czech Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2024-1492 WPify Woo Czech <= 4.0.8 - Missing Authorization

The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybesendtopacketa function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for orders as lon...

CVE-2024-1492 WPify Woo Czech <= 4.0.8 - Missing Authorization

The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybesendtopacketa function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for orders as lon...

CVE-2024-1492

CVE-2024-1492 (WPify Woo Czech, WordPress). Vulnerability is due to a missing capability check in the maybe_send_to_packeta function; affects WPify Woo Czech plugin versions up to and including 4.0.8. Unauthenticated attackers could obtain shipping details for orders if the order number is known....

WordPress WPify Woo Czech Plugin <= 4.0.8 is vulnerable to Broken Access Control

Software WPify Woo Czech Type Plugin Vulnerable versions = 4.0.8 Fixed in 4.0.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1492 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e2dc6ee494b6 Credits Francesco Carlucci Required...

PT-2024-18090 · WordPress · Wpify Woo Czech

Name of the Vulnerable Software and Affected Versions: WPify Woo Czech plugin versions up to, and including, 4.0.8 Description: The issue allows unauthorized access to data due to a missing capability check on the maybe send to packeta function. This makes it possible for unauthenticated attacker...

WordPress WPify Woo Czech plugin <= 3.5.6 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress WPify Woo Czech plugin versions = 3.5.6. Solution Update the WordPress WPify Woo Czech plugin to the latest available version at least 3.5.7...