Vulnerabilities and security researches forquotes-for-woocommerce quotes-for-woocommerce

Jun 07, 2024

CVE, Research URL: 4986bcf46526056206f211f00c19617a3eeb65df
Home page URL: Security reports for Quotes for WooCommerce
Application: Quotes for WooCommerce
Date: Nov 30, 2023
Research Description: Quotes for WooCommerce [quotes-for-woocommerce] < 2.0.2 Quotes for WooCommerce <= 2.0.1 - Missing Authorization The Quotes for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the qwc_update_status() and qwc_send_quote() functions hooked via AJAX in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify quote status and send quotes.
Affected versions: max 2.0.2.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-51680
Home page URL: Security reports for Quotes for WooCommerce
Application: Quotes for WooCommerce
Date: Jun 12, 2024
Research Description: Missing Authorization vulnerability in TechnoVama Quotes for WooCommerce.This issue affects Quotes for WooCommerce: from n/a through 2.0.1.
Affected versions: max 2.0.2.
Status: vulnerable