Vulnerabilities and security researches foradvanced-local-pickup-for-woocommerce advanced-local-pickup-for-woocommerce
Direction: ascendingJun 07, 2024
Advanced Local Pickup for WooCommerce # CVE-2024-32814
- CVE, Research URL
- Application
- Date
- Jun 09, 2024
- Research Description
- Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.6.1.
- Affected versions
-
max 1.6.2.
- Status
-
vulnerable
Advanced Local Pickup for WooCommerce # CVE-2022-40702
- CVE, Research URL
- Application
- Date
- Jan 17, 2024
- Research Description
- Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.5.2.
- Affected versions
-
max 1.5.3.
- Status
-
vulnerable
Advanced Local Pickup for WooCommerce # CVE-2023-2841
- CVE, Research URL
- Application
- Date
- Nov 22, 2023
- Research Description
- The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in versions up to, and including, 1.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with admin-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
- Affected versions
-
max 1.6.0.
- Status
-
vulnerable
Advanced Local Pickup for WooCommerce # CVE-2024-31283
- CVE, Research URL
- Application
- Date
- Jun 10, 2024
- Research Description
- Missing Authorization vulnerability in zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.6.2.
- Affected versions
-
max 1.6.3.
- Status
-
vulnerable