7.5
CVE-2024-13558
- EPSS 0.35%
- Veröffentlicht 20.03.2025 11:11:26
- Zuletzt bearbeitet 27.03.2025 15:27:56
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginNP Quote Request for WooCommerce <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure
NP Quote Request for WooCommerce <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure
The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests.
Mögliche Gegenmaßnahme
NP Quote Request for WooCommerce: Update to version 1.9.180, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Neahplugins ≫ Np Quote Request For Woocommerce SwPlatformwordpress Version < 1.9.180
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
NP Quote Request for WooCommerce
Version
*-1.9.179
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.262 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| security@wordfence.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
https://www.wordfence.com/threat-intel/vulnerabilities/id/5991c86b-6785-41a6-a5df-c65e8a28201c?source=cve
https://wordpress.org/plugins/woo-rfq-for-woocommerce/#developers
https://plugins.trac.wordpress.org/changeset/3256816/
https://www.wordfence.com/threat-intel/vulnerabilities/id/5991c86b-6785-41a6-a5df-c65e8a28201c