2 matches found
CVE-2024-7032 Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Plugin Deactivation and Data Deletion
The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moodeactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to deactivate the plugin an...
WordPress Smart Online Order for Clover Plugin <= 1.5.6 is vulnerable to Broken Access Control
Software Smart Online Order for Clover Type Plugin Vulnerable versions = 1.5.6 Fixed in 1.5.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7032 Patch priority Medium CVSS severity Medium 6.5 Developer Zaytech PSID 1d01355fa1e4 Credits Lucio Sá Required...