4 matches found
CVE-2024-10437
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to unauthorized Smar Message activation/deactivation due to a missing capability check on the ajaxenable function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with...
CVE-2024-10437
creationtimestamp| type| source ---|---|--- 2024-10-29 12:15:35+00:00| seen| https://t.me/cvedetector/9274...
CVE-2024-10437 WPC Smart Messages for WooCommerce <= 4.2.1 - Missing Authorization to Authenticated (Subscriber+) Message Activation/Deactivation
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to unauthorized Smar Message activation/deactivation due to a missing capability check on the ajaxenable function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with...
WordPress WPC Smart Messages for WooCommerce Plugin <= 4.2.1 is vulnerable to Broken Access Control
Software WPC Smart Messages for WooCommerce Type Plugin Vulnerable versions = 4.2.1 Fixed in 4.2.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10437 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0c11597d7fa3 Credits Francesco...