CVE-2024-34763

2024-06-1117:16:00

CWE-862

[email protected]

web.nvd.nist.gov

tobias conrad builder

woocommerce reviews

missing authorization

reviewshort

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Missing Authorization vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through 1.01.5.

Affected configurations

Vulners

Node

tobias_conradbuilder_for_woocommerce_reviews_shortcodes_–_reviewshortRange≤1.01.5

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "woo-product-reviews-shortcode",
    "product": "Builder for WooCommerce reviews shortcodes – ReviewShort",
    "vendor": "Tobias Conrad",
    "versions": [
      {
        "changes": [
          {
            "at": "1.01.6",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.01.5",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/woo-product-reviews-shortcode/wordpress-builder-for-woocommerce-reviews-shortcodes-reviewshort-plugin-1-01-5-broken-access-control-vulnerability?_s_id=cve