Exploit - CVE CyberSecurity Database News (Page 304)

CVE-2023-47764 - Exploiting Missing Authorization and Broken Access Control in Metaphor Creations Ditty (<= 3.1.24)

Dec 9, 2024 WordPress Exploit

CVE-2023-47764 - Exploiting Missing Authorization and Broken Access Control in Metaphor Creations Ditty (<= 3.1.24)

In late 2023, security researchers discovered a Missing Authorization vulnerability—tracked as CVE-2023-47764—in the popular WordPress plugin, Ditty by Metaphor Creations. This plugin is

Dec 9, 2024 WordPress Exploit

CVE-2023-47698 - How Incorrect Access Controls in Artisan Workshop Japanized For WooCommerce Led to a Serious Authorization Vulnerability

Summary: A critical security vulnerability, identified as CVE-2023-47698, was found in certain versions of the “Japanized For WooCommerce” plugin for WordPress. This flaw allowed unauthorized

Dec 9, 2024 WordPress API Exploit

CVE-2023-32299 - How a Missing Authorization Bug in Ni WooCommerce Sales Report Exposed Your Store Data

--- Introduction In 2023, security researchers discovered a critical vulnerability identified as CVE-2023-32299 in the WordPress plugin Ni WooCommerce Sales Report. This plugin, widely used

Dec 9, 2024 WordPress Exploit PHP

CVE-2023-30870 - How a Missing Authorization Vulnerability in Sharkdropship for AliExpress Dropship and Affiliate Lets Attackers Take Over WooCommerce Stores

Security flaws in WordPress plugins are a frequent attack target, but sometimes a single mistake in how a plugin checks user authorization can become disastrous.

Dec 9, 2024 WordPress Exploit OAuth Google

CVE-2023-25455 - How a Missing Authorization Bug in miniOrange WordPress Social Login and Register Lets Attackers Exploit Your Site

If you’re using WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) by miniOrange, your website could be exposed to hackers. The vulnerability, known