Lucene search

[email protected]NVD:CVE-2024-2384

HistoryMar 20, 2024 - 3:15 a.m.

CVE-2024-2384

2024-03-2003:15:08

[email protected]

web.nvd.nist.gov

cve-2024-2384

woocommerce pos

wordpress

information disclosure

authentication

authorization

user

sensitive information

order id vulnerability

authenticated attackers

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

The WooCommerce POS plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.4.11. This is due to the plugin not properly verifying the authentication and authorization of the current user This makes it possible for authenticated attackers, with customer-level access and above, to view potentially sensitive information about other users by leveraging their order id

References

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3053833%40woocommerce-pos&new=3053833%40woocommerce-pos&sfp_email=&sfph_mail=

www.wordfence.com/threat-intel/vulnerabilities/id/d6b8ba69-aa8b-436f-990c-39e283f5d2f2?source=cve

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for NVD:CVE-2024-2384

cvelist1 cve1 wpvulndb1 wordfence1