Vulnerabilities and security researches forcheckout-mestres-wp checkout-mestres-wp

Jun 06, 2024

CVE, Research URL: CVE-2023-51472
Home page URL: Security reports for Checkout Mestres WP
Application: Checkout Mestres WP
Date: Apr 24, 2024
Research Description: Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation.This issue affects Checkout Mestres WP: from n/a through 7.1.9.7.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-51471
Home page URL: Security reports for Checkout Mestres WP
Application: Checkout Mestres WP
Date: Apr 24, 2024
Research Description: Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Checkout Mestres WP: from n/a through 7.1.9.7.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-51469
Home page URL: Security reports for Checkout Mestres WP
Application: Checkout Mestres WP
Date: Dec 31, 2023
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mestres do WP Checkout Mestres WP.This issue affects Checkout Mestres WP: from n/a through 7.1.9.6.
Affected versions: Min -, max -.
Status: vulnerable

Sep 28, 2024

CVE, Research URL: CVE-2024-44030
Home page URL: Security reports for Checkout Mestres WP
Application: Checkout Mestres WP
Date: Oct 02, 2024
Research Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mestres do WP Checkout Mestres WP allows PHP Local File Inclusion.This issue affects Checkout Mestres WP: from n/a through 8.6.
Affected versions: Min -, max -.
Status: vulnerable

Apr 02, 2025

CVE, Research URL: CVE-2025-2266
Home page URL: Security reports for Checkout Mestres WP
Application: Checkout Mestres WP
Date: Mar 29, 2025
Research Description: The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions() function in versions 8.6.5 to 8.7.5. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Affected versions: Min -, max -.
Status: vulnerable

Apr 10, 2025

CVE, Research URL: CVE-2025-32695
Home page URL: Security reports for Checkout Mestres WP
Application: Checkout Mestres WP
Date: Apr 09, 2025
Research Description: Incorrect Privilege Assignment vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation. This issue affects Checkout Mestres WP: from n/a through 8.7.5.
Affected versions: Min -, max -.
Status: vulnerable