Lucene search

WordfenceCVELIST:CVE-2021-4379

HistoryJun 07, 2023 - 12:43 p.m.

CVE-2021-4379

2023-06-0712:43:12

Wordfence

www.cve.org

wordpress

woocommerce

multi currency

plugin

authorization bypass

vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

36.6%

JSON

The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to make changes to product prices.

CNA Affected

[
  {
    "vendor": "villatheme",
    "product": "WooCommerce Multi Currency",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "2.1.17",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

blog.nintechnet.com/vulnerability-fixed-in-wordpress-woocommerce-multi-currency-plugin/

codecanyon.net/item/woocommerce-multi-currency/20948446

www.wordfence.com/threat-intel/vulnerabilities/id/e2318ae9-4115-442e-9293-a9251787c5f3?source=cve

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

36.6%

JSON

Related for CVELIST:CVE-2021-4379