Vulnerabilities

CVE-2024-0201

by Fred · 03/01/2024

The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘save_settings’ function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings.

More information : https://plugins.trac.wordpress.org/browser/product-expiry-for-woocommerce/tags/2.5/product-expiry-for-woocommerce.php#L263

Attack vector : NETWORK
Attack complexity : LOW
Privileges required : LOW
User interaction : NONE
Confidentiality impact : NONE
Integrity impact : LOW
Base score : 4.3
Base severity : MEDIUM
Exploitability score : 2.8
Impact score : 1.4

Similar

Tags: Cybersecurity Alert