E-commerce

In WooCommerce Check Pincode/Zipcode for Shipping plugin versions up to 2.0.4 a medium severity vulnerability CVE-2024-12218 was detected. This vulnerability allows unauthenticated attackers to inject malicious web scripts via a forged request due to missing or incorrect nonce validation. At the moment, there is no patched version available. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12218.

In WooCommerce Point of Sale plugin for WordPress versions up to 6.1.0 a critical severity vulnerability CVE-2024-11281 was detected. This vulnerability allows attackers to change the email and reset the password of any user, including administrators, due to insufficient validation of the ‘logged_in_user_id’ value. To address this issue, users should upgrade to version 6.2.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11281.

In WooCommerce Ultimate Gift Card – Create, Sell and Manage Gift Cards with Customized Email Templates plugin for WordPress in versions up to 2.9.1 a medium severity vulnerability CVE-2024-53740 was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts into pages by tricking users into actions such as clicking on a link, due to insufficient input sanitization and output escaping. To address this issue, users must upgrade to version 2.9.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-53740.

In Wallet for WooCommerce plugin versions up to 1.5.6 a medium severity vulnerability CVE-2024-7747 was detected. This vulnerability allows attackers with Subscriber access or higher to generate fake funds and transfer them to users or themselves. They could also request withdrawals if approved by an admin. To address this issue, users must upgrade to Wallet for WooCommerce version 1.5.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7747.

In PrestaShop version 8.1.4 a medium severity vulnerability CVE-2024-36626 was detected. This vulnerability allows attackers to exploit the function with malformed inputs, potentially causing the application to crash or resulting in a denial of service (DoS). To fix this issue, users should upgrade PrestaShop to version 8.1.5. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-36626.

In WooCommerce in all versions up to and including 2.2.9 a medium severity vulnerability CVE-2024-10852 was detected. This vulnerability allows attackers with low-level access to export plugin settings, potentially exposing sensitive data. To fix this problem, users should upgrade to the latest version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10852

In WooCommerce in all versions up to and including 2.2.9 a medium severity vulnerability CVE-2024-10854 was detected. This vulnerability allows attackers with low-level access to import and modify plugin settings, potentially compromising data. To fix this problem, users should upgrade to the latest version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10854.

In WooCommerce versions up to and including 5.3.9 of the Laybuy Payment Extension a medium severity vulnerability CVE-2024-37203 was detected. This vulnerability allows attackers to exploit incorrectly configured access control security levels. Currently there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-37203.

In WooCommerce Customers Order History plugin versions up to 5.2.2 a medium severity vulnerability CVE-2024-37201 was detected. This issue allows attackers to misuse access control settings. Currently, there is no fix for this vulnerability. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-37201.