CVE-2024-12266
The ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the elex_dp_export_rules() and elex_dp_import_rules() functions in all versions up to, and including, 2.1.7. This makes it possible for unauthenticated attackers to import and export product rules, as well as obtain phpinfo() data.
More information : https://plugins.trac.wordpress.org/browser/elex-woocommerce-dynamic-pricing-and-discounts/tags/2.1.7/admin/elex-exporter.php#L9
Attack vector : NETWORK
Attack complexity : LOW
Privileges required : NONE
User interaction : NONE
Confidentiality impact : LOW
Integrity impact : LOW
Base score : 6.5
Base severity : MEDIUM
Exploitability score : 3.9
Impact score : 2.5
