Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

westerndeal

Source -

CNANVD

BOS Name -

N/A

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

2
Related CVEsRelated ProductsRelated AssignersReports
5Vulnerabilities found
CVE-2023-2334
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 3.08%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 20:08
Updated-11 Jun, 2025 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Easy Digital Downloads Google Sheet Connector < 1.6.6 - Access Code Update via CSRF

The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack

Action-Not Available
Vendor-gsheetconnectorwesterndealUnknown
Product-edd_gsheetconnectoreasy_digital_downloads_google_sheet_connectorEasy Digital Downloads Google Sheet Connectoredd-google-sheet-connector-pro
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-30592
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.87%
||
7 Day CHG-0.01%
Published-24 Mar, 2025 | 13:47
Updated-24 Mar, 2025 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Dewplayer - <= <= 1.6 Broken Access Control Vulnerability

Missing Authorization vulnerability in westerndeal Advanced Dewplayer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Dewplayer: from n/a through 1.6.

Action-Not Available
Vendor-westerndeal
Product-Advanced Dewplayer
CWE ID-CWE-862
Missing Authorization
CVE-2024-5654
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 54.61%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 08:39
Updated-01 Nov, 2024 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CF7 Google Sheets Connector <= 5.0.9 - Missing Authorization to Limited Site Configuration Update

The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site configuration settings, including WP_DEBUG, WP_DEBUG_LOG, SCRIPT_DEBUG, and SAVEQUERIES.

Action-Not Available
Vendor-gsheetconnectorwesterndealgsheetconnector
Product-cf7_google_sheets_connectorCF7 Google Sheets Connectorcf7_google_sheets_connector
CWE ID-CWE-862
Missing Authorization
CVE-2024-1562
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.00%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 03:36
Updated-07 Mar, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the execute_post_data function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin settings.

Action-Not Available
Vendor-gsheetconnectorwesterndealgsheetconnector
Product-woocommerce_google_sheet_connectorWooCommerce Google Sheet Connectorwoocommerce_google_sheet_connector
CWE ID-CWE-862
Missing Authorization
CVE-2013-7240
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-73.63% / 98.76%
||
7 Day CHG~0.00%
Published-02 Jan, 2014 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.

Action-Not Available
Vendor-westerndealn/aWordPress.org
Product-advanced_dewplayerwordpressn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')