patchstack | Francesco Carlucci | PATCHSTACK:FB4B3BE2977D85740C6A79B22703F2DB
History: Mar 12, 2024 - 12:00 a.m.

WordPress Bulgarisation for WooCommerce Plugin <= 3.0.14 is vulnerable to Broken Access Control

2024-03-12 00:00:00
Francesco Carlucci
patchstack.com
access control
woocommerce
plugin
vulnerability
cve-2024-0683
patch
medium cvss
francesco carlucci
subscriber
march 12 2024

CVSS3: 7.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score: 6.5
Confidence: Low

Software: Bulgarisation for WooCommerce
Type: Plugin
Vulnerable versions: <= 3.0.14
Fixed in: 3.0.15
OWASP Top 10: A5: Broken Access Control
Classification: Broken Access Control
CVE: CVE-2024-0683
Patch priority: Medium
CVSS severity: Medium (6.5)

PSID: 9bca55e3b9c3
Credits: Francesco Carlucci
Required privilege: Subscriber
Published: 12 March, 2024

Vulnerability details

Remove and replace plugin

Solution

We advise mitigating or resolving the vulnerability immediately.

Affected configurations

Vulners
Node: autopolis.bg bulgarisation_for_woocommerce, Range 3.0.14

Vendor | Product | Version | CPE
autopolis.bg | bulgarisation_for_woocommerce | * | cpe:2.3:a:autopolis.bg:bulgarisation_for_woocommerce:*:*:*:*:*:*:*:*
