3 matches found
CVE-2024-1229
The CVE concerns SimpleShop for WordPress. A missing capability check in the mayBeDisconnectSimplyShop function affects all versions up to and including 2.10.2, enabling unauthenticated attackers to disable or disconnect SimpleShop. Public disclosures in multiple feeds describe an unauthorized di...
CVE-2024-1229 SimpleShop <= 2.10.2 - Missing Authorization
The SimpleShop plugin for WordPress is vulnerable to unauthorized disconnection from SimpleShop due to a missing capability check on the maybedisconnectsimpleshop function in all versions up to, and including, 2.10.2. This makes it possible for unauthenticated attackers to disconnect the SimpleSh...
WordPress SimpleShop Plugin <= 2.10.2 is vulnerable to Broken Access Control
Software SimpleShop Type Plugin Vulnerable versions = 2.10.2 Fixed in 2.10.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1229 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 89340eba10b8 Credits Francesco Carlucci Required...