The Woocommerce Multiple Addresses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.7.1. This is due to insufficient restrictions on user meta that
The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. This is due to insufficient validation on the 'logged_in_user_id'
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in al
The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation in all versions up to, and including, 1.4.4. This is due to the plugin not properly verifying the existe
The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of the property_package_user_role metadata in versions 1.0.5 to 1.0.6. This makes i
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capabi
The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of al
The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.0.7. This is due to a missing capability check in the
The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capabili
The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcis_save_email' endpoint in all v
The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUp
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. This is due to the plugin not properly validating a user's identit
The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated thr
The Cardealer theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.4 due to missing capability check on the 'save_settings' function. This makes it possible
The Nokri - Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.3. This is due to the plugin not properly
The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. This
The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the `save_extra_user_profile_fields()` function. This
The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.8.2. This is due to the /easycommerce
The CRM WordPress Plugin – RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. This is due to the plugin not prope
The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restricting what user meta can be updated as scr
Page 1+ Next →