E-commerce

In Waitlist plugin for WooCommerce versions up to 2.6 a medium severity vulnerability CVE-2024-43134 was detected. This vulnerability allows attackers to gain unauthorized access to certain WooCommerce waitlist features by exploiting improper security settings. To fix this issue, users should upgrade Waitlist WooCommerce plugin to version 2.6.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43134.

In Print Barcode Labels plugin for WooCommerce versions up to 3.4.9 a medium severity vulnerability CVE-2024-43310 was detected. This vulnerability allows attackers to gain unauthorized access to barcode printing features for WooCommerce products and orders. To fix this issue, users should upgrade Print Barcode Labels plugin for WooCommerce to version 3.4.10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43310.

In WPClever WPC Frequently Bought Together plugin for WooCommerce versions up to 7.1.9 a medium severity vulnerability CVE-2024-43312 was detected. This vulnerability allows attackers to gain unauthorized access to features of the WPC Frequently Bought Together plugin for WooCommerce by exploiting weak access control settings, potentially letting them manipulate or view sensitive data related to purchased products. To fix this issue, users should upgrade WPClever WPC Frequently Bought Together plugin for WooCommerce to version 7.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43312.

In WooCommerce Multilingual & Multicurrency versions up to 5.3.6 a medium severity vulnerability CVE-2024-44006 was detected. This vulnerability allows attackers to exploit incorrectly configured access control security levels, potentially bypassing authorization controls. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-44006.

In WooCommerce PDF Voucher plugin versions 4.9.4 and prior a high severity vulnerability CVE-2024-39650 was detected. This vulnerability allows missing capability checks in several functions, leading to unauthorized access. Unauthenticated attackers can exploit this to perform actions intended for admins. To fix this issue, users need to update to versions 4.9.5 or above. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39650.

In WooCommerce Product Delivery Date plugin versions 2.7.2 and prior a medium severity vulnerability CVE-2024-38702 was found. This vulnerability lacks authorization controls, allowing unauthorized access to functions that should be restricted by Access Control Lists (ACLs). To fix this issue, users need to update to versions 2.7.3 or above. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-38702.

In WooCommerce PDF Invoices & Packing Slips versions up to 3.8.6 a medium severity vulnerability CVE-2024-5042, was detected. This allows attackers to exploit incorrectly configured access control security levels, potentially leading to unauthorized access. To fix this issue, users must upgrade to version 3.8.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-50421.

In Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, and 2.4.4-p10 a medium severity vulnerability CVE-2024-45131 was detected. This vulnerability allows attackers with limited access to bypass security restrictions and potentially access sensitive information or perform unauthorized actions within Adobe Commerce. To fix this issue, users should upgrade Adobe Commerce to versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, and 2.4.4-p11. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-45131.

In Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 a high severity vulnerability CVE-2024-45133 was detected. This vulnerability allows attackers with admin access to bypass security features, potentially exposing sensitive information and enabling further attacks. To fix this issue, users should upgrade Adobe Commerce to versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, and 2.4.4-p11. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-45133.