The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download files from the vulnerable service.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NTychesoftwares Product Input Fields For Woocommerce
APPTychesoftwares< 1.2.7
Related vulnerabilities
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to i...
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all vers...
CSRF i brak autoryzacji w wtyczce Order Delivery Date Pro for WooCommerce umożliwiają przejęcie witryny
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in version...
The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputt...