Legion Hunter

Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6.

**Nome do Software Vulnerável e Versões Afetadas** RepairBuddy versões anteriores a 4.1121 **Description** Uma falha de autorização ausente no Webful Creations RepairBuddy permite a exploração de níveis de segurança de controle de acesso configurados incorretamente. **Recommendations** Atualize para uma versão posterior a 4.1121.

**Nome do Software Vulnerável e Versões Afetadas** Autoship Cloud for WooCommerce Subscription Products versões anteriores a 2.14.1 **Description** Uma falha de autorização ausente existe no plugin Autoship Cloud for WooCommerce Subscription Products, o que permite a exploração de níveis de segurança de controle de acesso configurados incorretamente. Este é um problema de controle de acesso quebrado onde o sistema falha ao verificar adequadamente a identidade ou as permissões de um usuário antes de conceder acesso a recursos restritos. **Recommendations** Atualize para uma versão posterior a 2.14.0.

**Nome do Software Vulnerável e Versões Afetadas** WP Search Analytics versões anteriores a 1.5.0 **Description** Uma falha de autorização ausente no plugin permite a exploração de níveis de segurança de controle de acesso configurados incorretamente, resultando em controle de acesso quebrado. **Recommendations** Atualize para a versão 1.5.0 ou posterior.

Missing Authorization vulnerability in Nikki Blight QR Redirector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QR Redirector: from n/a through 2.0.3.

**Nome do Software Vulnerável e Versões Afetadas** Feeds for YouTube versões anteriores a 2.6.4 **Descrição** Uma verificação de capacidade ausente na função `actions()` permite que usuários com privilégios de assinante ou superiores modifiquem ou excluam a chave de licença do plugin de forma não autorizada. **Recomendações** Atualize para a versão 2.6.4 ou posterior. Como medida paliativa temporária, restrinja o acesso à função `actions()` apenas a usuários administrativos autorizados.

**Nome do Software Vulnerável e Versões Afetadas** Barcode Scanner with Inventory & Order Manager versões anteriores a 1.11.0 **Descrição** Uma falha de Cross-Site Request Forgery (CSRF) existe no Barcode Scanner with Inventory & Order Manager. Este problema permite que um invasor induza um usuário a realizar ações que ele não pretendia fazer, enganando-o para clicar em um link malicioso ou visitar uma página comprometida. **Recomendações** Atualize para uma versão posterior a 1.11.0.

Name of the Vulnerable Software and Affected Versions Eniture technology LTL Freight Quotes – Worldwide Express Edition versões até 5.2.1 Description Existe uma falha de autorização em Eniture technology LTL Freight Quotes – Worldwide Express Edition devido a níveis de segurança de controle de acesso configurados incorretamente. Recommendations Atualize para uma versão posterior a 5.2.1

**Name of the Vulnerable Software and Affected Versions** Funlus Oy WPLifeCycle versions through 3.3.1 **Description** An authorization issue exists in Funlus Oy WPLifeCycle free-php-version-info, allowing exploitation due to incorrectly configured access control security levels. **Recommendations** Versions prior to 3.3.1 should be updated.

**Name of the Vulnerable Software and Affected Versions** Chocolate House versions through 1.1.5 **Description** A missing authorization issue exists in Chocolate House, allowing exploitation of incorrectly configured access control security levels. **Recommendations** Update Chocolate House to a version later than 1.1.5.

**Name of the Vulnerable Software and Affected Versions** Aryan Shirani Bid Abadi Site Suggest versions through 1.3.9 **Description** The software contains a missing authorization flaw in the `site-suggest` functionality. This allows access to functionality that is not properly restricted by Access Control Lists (ACLs). **Recommendations** Update to a version later than 1.3.9.

**Name of the Vulnerable Software and Affected Versions** Print Invoice & Delivery Notes for WooCommerce versions through 5.8.0 **Description** The software contains a flaw related to incorrectly configured access control security levels, potentially allowing unauthorized access. The issue is a missing authorization check. **Recommendations** Update Print Invoice & Delivery Notes for WooCommerce to a version newer than 5.8.0.

**Name of the Vulnerable Software and Affected Versions** PDF for Elementor Forms + Drag And Drop Template Builder versions through 6.3.1 **Description** A missing authorization issue exists in PDF for Elementor Forms + Drag And Drop Template Builder. The issue involves exploiting incorrectly configured access control security levels within the add-on. **Recommendations** Update PDF for Elementor Forms + Drag And Drop Template Builder to a version newer than 6.3.1.

**Name of the Vulnerable Software and Affected Versions** CryoutCreations Serious Slider versions through 1.2.7 **Description** A missing authorization issue exists in CryoutCreations Serious Slider, allowing exploitation of incorrectly configured access control security levels. **Recommendations** Update CryoutCreations Serious Slider to a version later than 1.2.7.

**Name of the Vulnerable Software and Affected Versions** WiserReview Product Reviews for WooCommerce versions through 2.9 **Description** An issue exists in WiserReview Product Reviews for WooCommerce related to incorrectly configured access control security levels, potentially allowing unauthorized access. The issue involves a missing authorization check. **Recommendations** Update WiserReview Product Reviews for WooCommerce to a version newer than 2.9.

**Name of the Vulnerable Software and Affected Versions** SeedProd Coming Soon Page, Under Construction & Maintenance Mode versions through 6.19.7 **Description** A missing authorization issue exists in SeedProd Coming Soon Page, Under Construction & Maintenance Mode. This allows exploitation due to incorrectly configured access control security levels. **Recommendations** Update SeedProd Coming Soon Page, Under Construction & Maintenance Mode to a version later than 6.19.7.

**Name of the Vulnerable Software and Affected Versions** Cookiebot versions through 4.6.4 **Description** An issue exists in Cookiebot related to incorrectly configured access control security levels, allowing for missing authorization. The vulnerability allows exploitation of access control. **Recommendations** Update Cookiebot to a version later than 4.6.4.

**Name of the Vulnerable Software and Affected Versions** BBR Plugins Better Business Reviews versions through 0.1.1 **Description** The software contains a missing authorization issue related to incorrectly configured access control security levels. This allows for exploitation of the system. **Recommendations** Update BBR Plugins Better Business Reviews to a version later than 0.1.1.

**Name of the Vulnerable Software and Affected Versions** Endless Posts Navigation versions through 2.2.9 **Description** An authorization issue exists in Endless Posts Navigation that allows exploitation of incorrectly configured access control security levels. **Recommendations** Update Endless Posts Navigation to a version later than 2.2.9.

**Name of the Vulnerable Software and Affected Versions** Advanced iFrame versions prior to and including 2025.10 **Description** An authorization issue exists in Advanced iFrame, potentially allowing exploitation due to incorrectly configured access control security levels. **Recommendations** Update Advanced iFrame to a version later than 2025.10.