Privilege Escalation in 2.3M WooCommerce Shops

2018-02-26T13:00:00
ID RIPSTECH:C5B981660C3AB59C52AE337213D83678
Type ripstech
Reporter RIPS Technologies Blog
Modified 2018-02-26T13:00:00

Description

Who is affected Installations with the following requirements are affected by this vulnerability: WooCommerce version < 3.2.4 WordPress version >= 4.8.3 Impact - What can an attacker do The vulnerability discussed in the following can only be exploited by an attacker that already benefits of some higher privileges. The ability to edit/add products in WooCommerce are required but not a full administration account that would allow to execute code anyway.