5.3

CVE-2024-43219

WordPress Persian WooCommerce plugin <= 7.1.6 - Broken Access Control vulnerability

Persian WooCommerce <= 7.1.6 - Missing Authorization

Missing Authorization vulnerability in ووکامرس فارسی Persian WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Persian WooCommerce: from n/a through 7.1.6.
Mögliche Gegenmaßnahme
ووکامرس فارسی: Update to version 9.0.0, or a newer patched version
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerwoocommerce
Produkt persian-woocommerce
Default Statusunknown
Version <= 7.1.6
Version 0
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt ووکامرس فارسی
Version *-7.1.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.37% 0.287
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
audit@patchstack.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://patchstack.com/database/vulnerability/persian-woocommerce/wordpress-persian-woocommerce-plugin-7-1-6-broken-access-control-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/db2a9f84-2696-42a5-961c-3c69e64a6d42
Third Party Advisory