In WooCommerce versions up to and including 5.3.9 of the Laybuy Payment Extension a medium severity vulnerability CVE-2024-37203 was detected. This vulnerability allows attackers to exploit incorrectly configured access control security levels. Currently there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-37203.
Read more E-commerce
In WooCommerce Customers Order History plugin versions up to 5.2.2 a medium severity vulnerability CVE-2024-37201 was detected. This issue allows attackers to misuse access control settings. Currently, there is no fix for this vulnerability. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-37201.
Read more E-commerce
In Umbraco CMS version 12.3.6 a medium severity vulnerability CVE-2024-10761 was detected. This issue allows attackers to exploit cross-site scripting (XSS) through the `culture` argument in the `/Umbraco/preview/frame?id{}` file of the Dashboard component. The exploit is publicly available and can be used remotely. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-10761.
Read more CMS
In Waitlist plugin for WooCommerce versions up to 2.6 a medium severity vulnerability CVE-2024-43134 was detected. This vulnerability allows attackers to gain unauthorized access to certain WooCommerce waitlist features by exploiting improper security settings. To fix this issue, users should upgrade Waitlist WooCommerce plugin to version 2.6.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43134.
Read more E-commerce
In Print Barcode Labels plugin for WooCommerce versions up to 3.4.9 a medium severity vulnerability CVE-2024-43310 was detected. This vulnerability allows attackers to gain unauthorized access to barcode printing features for WooCommerce products and orders. To fix this issue, users should upgrade Print Barcode Labels plugin for WooCommerce to version 3.4.10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43310.
Read more E-commerce
In WPClever WPC Frequently Bought Together plugin for WooCommerce versions up to 7.1.9 a medium severity vulnerability CVE-2024-43312 was detected. This vulnerability allows attackers to gain unauthorized access to features of the WPC Frequently Bought Together plugin for WooCommerce by exploiting weak access control settings, potentially letting them manipulate or view sensitive data related to purchased products. To fix this issue, users should upgrade WPClever WPC Frequently Bought Together plugin for WooCommerce to version 7.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43312.
Read more E-commerce
In WooCommerce Multilingual & Multicurrency versions up to 5.3.6 a medium severity vulnerability CVE-2024-44006 was detected. This vulnerability allows attackers to exploit incorrectly configured access control security levels, potentially bypassing authorization controls. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-44006.
Read more E-commerce
In WooCommerce PDF Voucher plugin versions 4.9.4 and prior a high severity vulnerability CVE-2024-39650 was detected. This vulnerability allows missing capability checks in several functions, leading to unauthorized access. Unauthenticated attackers can exploit this to perform actions intended for admins. To fix this issue, users need to update to versions 4.9.5 or above. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39650.
Read more E-commerce
In WooCommerce Product Delivery Date plugin versions 2.7.2 and prior a medium severity vulnerability CVE-2024-38702 was found. This vulnerability lacks authorization controls, allowing unauthorized access to functions that should be restricted by Access Control Lists (ACLs). To fix this issue, users need to update to versions 2.7.3 or above. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-38702.
Read more E-commerce