Vulnerabilities and security researches forproduct-expiry-for-woocommerce product-expiry-for-woocommerce
Direction: ascendingJun 07, 2024
Product Expiry for WooCommerce # CVE-2024-0201
- CVE, Research URL
- Home page URL
- Application
- Date
- Jan 03, 2024
- Research Description
- The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings.
- Affected versions
-
max 2.6.
- Status
-
vulnerable
Product Expiry for WooCommerce # 3b66effa10c8c27ee99c2ded56fe6911f34a4f72
- CVE, Research URL
- Home page URL
- Application
- Date
- -
- Research Description
- Product Expiry for WooCommerce [product-expiry-for-woocommerce] < 2.6 WordPress Product Expiry for WooCommerce Plugin <= 2.5 is vulnerable to Broken Access Control Update the WordPress Product Expiry for WooCommerce plugin to the latest available version (at least 2.6). LVT-tholv2k discovered and reported this Broken Access Control vulnerability in WordPress Product Expiry for WooCommerce Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action. This vulnerability has been fixed in version 2.6. Have additional information or questions about this entry? Get in touch.
- Affected versions
-
max 2.6.
- Status
-
vulnerable
Jul 11, 2024
Product Expiry for WooCommerce # CVE-2023-52179
- CVE, Research URL
- Home page URL
- Application
- Date
- Jun 11, 2024
- Research Description
- Missing Authorization vulnerability in WebCodingPlace Product Expiry for WooCommerce.This issue affects Product Expiry for WooCommerce: from n/a through 2.5.
- Affected versions
-
max 2.6.
- Status
-
vulnerable