Lucene search

K
wpvulndbWpvulndbWPVDB-ID:6E351808-6FDE-4E8B-AC36-545BF6C1264B
HistoryApr 23, 2024 - 12:00 a.m.

Custom Order Statuses for WooCommerce <= 1.5.2 - Missing Authorization

2024-04-2300:00:00
wpscan.com
6
wordpress
woocommerce
vulnerability
unauthorized access

4.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Description The Custom Order Statuses for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.

4.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for WPVDB-ID:6E351808-6FDE-4E8B-AC36-545BF6C1264B