History: Mar 20, 2024 - 3:15 a.m.

CVE-2024-2384

2024-03-20 03:15:08
web.nvd.nist.gov
woocommerce
pos
wordpress
plugin
vulnerability
information disclosure
nvd

CVSS3: 4.3 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score: 8.7 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

The WooCommerce POS plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.4.11. This is due to the plugin not properly verifying the authentication and authorization of the current user. This makes it possible for authenticated attackers, with customer-level access and above, to view potentially sensitive information about other users by leveraging their order ID.

Affected configurations

Vulners
Node: kilbot woocommerce_pos; Range: 1.4.11

CNA Affected

[
  {
    "vendor": "kilbot",
    "product": "WooCommerce POS",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "1.4.11",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
