5.3

CVE-2024-1492

WPify Woo Czech <= 4.0.8 - Missing Authorization

The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybe_send_to_packeta function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for orders as long as the order number is known.
Possible countermeasure
WPify Woo – Withdrawal, CRN/VAT, QR payments, Heureka and more for WooCommerce: Update to version 4.0.9, or a newer patched version
Data provided by the National Vulnerability Database (NVD)
Wpify Woo Czech | SwPlatform: wordpress | Version: < 4.0.9
Further vulnerability information
System: WordPress Plugin
Product: WPify Woo – Withdrawal, CRN/VAT, QR payments, Heureka and more for WooCommerce
Version: *-4.0.8
No warning was found for this CVE.
EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.46% | 0.36
CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
security@wordfence.com | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037482%40wpify-woo%2Ftrunk&old=3028980%40wpify-woo%2Ftrunk&sfp_email=&sfph_mail=
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/44f691f2-b3f4-49b7-8710-015b5b11db18?source=cve
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/44f691f2-b3f4-49b7-8710-015b5b11db18
Third Party Advisory