Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:15 a.m.8 views

CVE-2024-3243

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS6.6AI score0.00431EPSS
Exploits0References1
NVD
NVD
added 2024/04/16 1:15 p.m.24 views

CVE-2024-3243

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS4.4AI score0.00431EPSS
Exploits0References3
CVE
CVE
added 2024/04/16 12:51 p.m.59 views

CVE-2024-3243

CVE-2024-3243 affects the Customer Reviews for WooCommerce plugin for WordPress. Root cause: a missing capability check in send_test_email(), enabling unauthorized email sending by authenticated users with subscriber-level access or higher. Affected versions: all versions up to and including 5.46...

4.3CVSS6.5AI score0.00431EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/16 12:51 p.m.12 views

CVE-2024-3243 Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS6AI score0.00431EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/04/16 12:0 a.m.9 views

WordPress Customer Reviews for WooCommerce Plugin <= 5.46.0 is vulnerable to Broken Access Control

Software Customer Reviews for WooCommerce Type Plugin Vulnerable versions = 5.46.0 Fixed in 5.47.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3243 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 13d177cd2664 Credits Thura Moe...

4.3CVSS6.6AI score0.00431EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder