cleantalk
Vulnerabilities and Security Researches

Product Catalog Mode For WooCommerce, 4455186991c9d54dbcfe314c2afb2c8e4e15795a

CVE, Research URL

4455186991c9d54dbcfe314c2afb2c8e4e15795a

Home page URL

Security reports for Product Catalog Mode For WooCommerce

Application

Product Catalog Mode For WooCommerce

Published on
Nov 03, 2023
Research Description
CatalogX &#8211; Catalog Mode, Enquiry &amp; Quotes for WooCommerce [woocommerce-catalog-enquiry] < 5.0.3 Product Catalog Mode For Woocommerce <= 5.0.2 - Missing Authorization The Product Catalog Mode For Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the dismiss_mvx_catalog_servive_notice function in all versions up to 5.0.3 (exclusive). This makes it possible for authenticated attackers, with subscriber access and above, to dismiss admin notifications.
Affected versions
max 5.0.3.
Status
vulnerable
Previous vulnerability researches
Payment Gateway for PayFabric (8bbbf1c0e1c721fb1f89da1df32fc1e12d96430d) , Jun 07, 2024
Payment Gateway for PayFabric (CVE-2023-33999) , Jun 13, 2026
Payment Gateway for PayFabric (7561f277f93e22b75aabd0195a11a27ce8a0b791) , Jun 16, 2026
Payment Gateway for PayFabric (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
New vulnerability
Ticket Spot (CVE-2023-53595) , Jun 16, 2026
WP Gravity Forms Constant Contact Plugin (78da7e4ebf17bf04d89df5a7a7492deb53506a60) , Jun 16, 2026
WP Gravity Forms Constant Contact Plugin (CVE-2025-30954) , Jun 16, 2026
Auto Attachments (c53be3d7-5c3d-4cc5-a09d-b9c55bf8aad8) , Jun 16, 2026
Easy Code Snippets (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026