Vulnerabilities and security researches forcart-rest-api-for-woocommerce cart-rest-api-for-woocommerce

Jun 07, 2024

CVE, Research URL: 8dc47e60294b1857b3677ea4e6141b753f4b4e79
Home page URL: Security reports for CoCart – Decoupling WooCommerce Made Easy
Application: CoCart – Decoupling WooCommerce Made Easy
Date: Nov 07, 2023
Research Description: CoCart – Decoupling Made Easy for WooCommerce [cart-rest-api-for-woocommerce] < 3.12.0 WordPress CoCart – Headless ecommerce Plugin <= 3.9.0 is vulnerable to Broken Access Control No patched version is available. Mika discovered and reported this Broken Access Control vulnerability in WordPress CoCart – Headless ecommerce Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action. This vulnerability has not been known to be fixed yet.
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-47241
Home page URL: Security reports for CoCart – Decoupling WooCommerce Made Easy
Application: CoCart – Decoupling WooCommerce Made Easy
Date: Jan 02, 2025
Research Description: Missing Authorization vulnerability in CoCart Headless, LLC CoCart – Headless ecommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoCart – Headless ecommerce: from n/a through 3.11.2.
Affected versions: Min -, max -.
Status: vulnerable