8.8
CVE-2021-4337
- EPSS 0.18%
- Veröffentlicht 07.06.2023 13:15:09
- Zuletzt bearbeitet 21.11.2024 06:37:27
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginMultiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization
Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to read, edit, or delete WordPress settings, plugin settings, and to arbitrarily list all users on a WordPress website. The plugins impacted are: Product Filter for WooCommerce < 8.2.0, Improved Product Options for WooCommerce < 5.3.0, Improved Sale Badges for WooCommerce < 4.4.0, Share, Print and PDF Products for WooCommerce < 2.8.0, Product Loops for WooCommerce < 1.7.0, XforWooCommerce < 1.7.0, Package Quantity Discount < 1.2.0, Price Commander for WooCommerce < 1.3.0, Comment and Review Spam Control for WooCommerce < 1.5.0, Add Product Tabs for WooCommerce < 1.5.0, Autopilot SEO for WooCommerce < 1.6.0, Floating Cart < 1.3.0, Live Search for WooCommerce < 2.1.0, Bulk Add to Cart for WooCommerce < 1.3.0, Live Product Editor for WooCommerce < 4.7.0, and Warranties and Returns for WooCommerce < 5.3.0.
Mögliche Gegenmaßnahme
Add Product Tabs for WooCommerce: Update to version 1.5.0, or a newer patched version
Bulk Add to Cart for WooCommerce: Update to version 1.3.0, or a newer patched version
Floating Cart for WooCommerce: Update to version 1.3.0, or a newer patched version
Improved Sale Badges for WooCommerce: Update to version 4.4.0, or a newer patched version
Improved Product Options for WooCommerce: Update to version 5.3.0, or a newer patched version
Live Search for WooCommerce: Update to version 2.1.0, or a newer patched version
Package Quantity Discount: Update to version 1.2.0, or a newer patched version
Product Filter for WooCommerce: Update to version 8.2.0, or a newer patched version
Price Commander for WooCommerce: Update to version 1.3.0, or a newer patched version
Product Loops for WooCommerce: Update to version 1.7.0, or a newer patched version
Autopilot SEO for WooCommerce: Update to version 1.6.0, or a newer patched version
Share, Print and PDF Products for WooCommerce: Update to version 2.8.0, or a newer patched version
Comment and Review Spam Control for WooCommerce: Update to version 1.5.0, or a newer patched version
Live Product Editor for WooCommerce: Update to version 4.7.0, or a newer patched version
Warranties and Returns for WooCommerce: Update to version 5.3.0, or a newer patched version
XforWooCommerce: Update to version 1.7.0, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Add Product Tabs for WooCommerce
Version
[*, 1.5.0)
SystemWordPress Plugin
≫
Produkt
Bulk Add to Cart for WooCommerce
Version
[*, 1.3.0)
SystemWordPress Plugin
≫
Produkt
Floating Cart for WooCommerce
Version
[*, 1.3.0)
SystemWordPress Plugin
≫
Produkt
Improved Sale Badges for WooCommerce
Version
[*, 4.4.0)
SystemWordPress Plugin
≫
Produkt
Improved Product Options for WooCommerce
Version
[*, 5.3.0)
SystemWordPress Plugin
≫
Produkt
Live Search for WooCommerce
Version
[*, 2.1.0)
SystemWordPress Plugin
≫
Produkt
Package Quantity Discount
Version
[*, 1.2.0)
SystemWordPress Plugin
≫
Produkt
Product Filter for WooCommerce
Version
[*, 8.2.0)
SystemWordPress Plugin
≫
Produkt
Price Commander for WooCommerce
Version
[*, 1.3.0)
SystemWordPress Plugin
≫
Produkt
Product Loops for WooCommerce
Version
[*, 1.7.0)
SystemWordPress Plugin
≫
Produkt
Autopilot SEO for WooCommerce
Version
[*, 1.6.0)
SystemWordPress Plugin
≫
Produkt
Share, Print and PDF Products for WooCommerce
Version
[*, 2.8.0)
SystemWordPress Plugin
≫
Produkt
Comment and Review Spam Control for WooCommerce
Version
[*, 1.5.0)
SystemWordPress Plugin
≫
Produkt
Live Product Editor for WooCommerce
Version
[*, 4.7.0)
SystemWordPress Plugin
≫
Produkt
Warranties and Returns for WooCommerce
Version
[*, 5.3.0)
SystemWordPress Plugin
≫
Produkt
XforWooCommerce
Version
[*, 1.7.0)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Xforwoocommerce ≫ Add Product Tabs SwPlatformwordpress Version < 1.5.0
Xforwoocommerce ≫ Autopilot Seo SwPlatformwordpress Version < 1.6.0
Xforwoocommerce ≫ Bulk Add To Cart SwPlatformwordpress Version < 1.3.0
Xforwoocommerce ≫ Comment And Review Spam Control SwPlatformwordpress Version < 1.5.0
Xforwoocommerce ≫ Floating Cart SwPlatformwordpress Version < 1.3.0
Xforwoocommerce ≫ Improved Product Options SwPlatformwordpress Version < 5.3.0
Xforwoocommerce ≫ Improved Sale Badges SwPlatformwordpress Version < 4.4.0
Xforwoocommerce ≫ Live Product Editor SwPlatformwordpress Version < 4.7.0
Xforwoocommerce ≫ Live Search SwPlatformwordpress Version < 2.1.0
Xforwoocommerce ≫ Package Quantity SwPlatformwordpress Version < 1.2.0
Xforwoocommerce ≫ Price Commander SwPlatformwordpress Version < 1.3.0
Xforwoocommerce ≫ Product Filter SwPlatformwordpress Version < 8.2.0
Xforwoocommerce ≫ Product Loops SwPlatformwordpress Version < 1.7.0
Xforwoocommerce ≫ Share, Print And Pdf Products SwPlatformwordpress Version < 2.8.0
Xforwoocommerce ≫ Warranties And Returns SwPlatformwordpress Version < 5.3.0
Xforwoocommerce ≫ Xforwoocommerce SwPlatformwordpress Version < 1.7.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.394 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| security@wordfence.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.