4 matches found
CVE-2023-6897
CVE-2023-6897 affects the EAN, UPC, ISBN Generator: Product Barcode Inventory for WooCommerce plugin (EAN for WooCommerce) for WordPress. The Red Hat entry confirms an Insecure Direct Object Reference in all versions up to 4.9.2 via the shortcode alg_wc_ean_product_meta, caused by missing validat...
CVE-2023-0062
CVE-2023-0062 affects the WordPress plugin “EAN for WooCommerce” prior to version 4.4.3. The vulnerability arises because the plugin does not validate and escape certain shortcode attributes before echoing them on pages/posts containing the shortcode, enabling stored XSS for users with the Contri...
CVE-2024-34370
CVE-2024-34370 refers to an Improper Privilege Management vulnerability in the WPFactory EAN for WooCommerce plugin, affecting EAN for WooCommerce versions up to 4.8.9. The issue enables Privilege Escalation via Arbitrary Updates to options, with CVSSv3.1 metrics indicating Network attack vector,...
CVE-2023-6892
CVE-2023-6892 affects the EAN, UPC, ISBN Generator: Product Barcode Inventory for WooCommerce (EAN for WooCommerce) WordPress plugin. It is a Stored Cross-Site Scripting vulnerability exploitable via the alg_wc_ean_product_meta shortcode, in all versions up to and including 4.8.7, due to insuffic...