cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10854,https://securityvulnerability.io/vulnerability/CVE-2024-10854,Unauthorized Data Modification in WooCommerce Buy One Click Plugin,"The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buy_one_click_import_options AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import plugin settings.",Wordpress,Buy One Click WooCommerce,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-11-13T02:15:00.000Z,0
CVE-2024-10853,https://securityvulnerability.io/vulnerability/CVE-2024-10853,Unauthorized Order Modification Vulnerability in Buy one Click WooCommerce Plugin,"The Buy One Click WooCommerce Plugin for WordPress contains a vulnerability that permits unauthorized modification of order data. This issue arises from a lack of proper capability checks on the removeorder AJAX action, affecting all versions up to and including 2.2.9. Authenticated attackers with Subscriber-level access and higher can exploit this flaw to delete WooCommerce orders without appropriate authorization. Such vulnerabilities highlight the importance of implementing stringent access controls and regular updates to safeguard against potential data breaches.",Wordpress,Buy One Click WooCommerce,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-11-13T02:15:00.000Z,0