Lucene search

WpvulndbWPVDB-ID:4C1E1EC3-7502-46D7-BF0D-3F1F151702AB

HistoryApr 24, 2024 - 12:00 a.m.

Active Products Tables for WooCommerce < 1.0.6.3 - Missing Authorization

2024-04-2400:00:00

wpscan.com

wordpress

missing authorization

unauthorized access

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

Low

EPSS

Percentile

9.0%

JSON

Description The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the get_smth() function in all versions up to, and including, 1.0.6.2. This makes it possible for unauthenticated attackers to import and export tables.

References

www.wordfence.com/threat-intel/vulnerabilities/id/1813aaca-3d5a-4650-8a8d-6b54311670f4

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for WPVDB-ID:4C1E1EC3-7502-46D7-BF0D-3F1F151702AB