CVE-2024-1119

The Order Tip for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exporttipstocsv function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to export the plugin's order fees...

CVE-2024-1119

The Order Tip for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exporttipstocsv function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to export the plugin's order fees...

CVE-2024-1119 Order Tip for WooCommerce <= 1.3.1 - Missing Authorization to Unauthenticated Data Export

The Order Tip for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exporttipstocsv function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to export the plugin's order fees...

fee proportional to strike even for unexercised orders

Lines of code Vulnerability details Impact The protocol takes a fee proportional to the order's strike. This happens during a withdraw: // transfer strike to owner if put is expired or call is exercised if order.isCall && isExercised || !order.isCall && !isExercised // send the fee to the admin/D...