Vulnerabilities

CVE-2024-1119

by Fred · 20/03/2024

The Order Tip for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_tips_to_csv() function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to export the plugin’s order fees.

More information : https://plugins.trac.wordpress.org/browser/order-tip-woo/trunk/admin/controllers/reports.class.php#L359

Attack vector :
Attack complexity :
Privileges required :
User interaction :
Confidentiality impact :
Integrity impact :
Base score :
Base severity :
Exploitability score :
Impact score :

Similar

Tags: Cybersecurity Alert