Description

The Doofinder for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the ‘doofinder_reset_credentials’ and ‘doofinder_force_update_on_save’ anonymous AJAX functions in versions up to, and including, 2.0.33. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset credentials and modify the update on save settings.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | | eq | 2.1.1 |
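
The missing-capability-check pattern in the description, as an added example (not the plugin's code and not part of the original advisory): a small Python audit that finds closures registered on `wp_ajax_*` hooks and flags those that never call `current_user_can()`. The PHP sample is constructed; its option names, nonce action and the `manage_options` capability are assumptions.

```python
import re

# Constructed sample, NOT the plugin's source: two closures on the action names
# from the advisory, the first without and the second with a capability check.
SAMPLE_PHP = r"""
add_action('wp_ajax_doofinder_reset_credentials', function () {
    delete_option('example_api_key');            // hypothetical option name
    wp_send_json_success();
});
add_action('wp_ajax_doofinder_force_update_on_save', function () {
    check_ajax_referer('example_nonce_action');  // hypothetical nonce action
    if (!current_user_can('manage_options')) {   // assumed required capability
        wp_send_json_error(null, 403);
    }
    update_option('example_force_update', 1);    // hypothetical option name
    wp_send_json_success();
});
"""

# Anonymous functions hooked on wp_ajax_<action>; the match ends on the opening brace.
HOOK = re.compile(r"add_action\(\s*['\"]wp_ajax_(\w+)['\"]\s*,\s*(?:static\s+)?function\b[^{]*\{")

def closure_body(src, open_idx):
    """Text between the brace at open_idx and its match (naive: ignores braces in strings)."""
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_idx + 1:i]
    return src[open_idx + 1:]  # unbalanced input: fall back to the remainder

def audit(src):
    """Map each wp_ajax_* closure to whether its body checks a capability and a nonce."""
    report = {}
    for m in HOOK.finditer(src):
        body = closure_body(src, m.end() - 1)
        report[m.group(1)] = {
            "capability_check": bool(re.search(r"\bcurrent_user_can\s*\(", body)),
            "nonce_check": bool(re.search(r"\b(check_ajax_referer|wp_verify_nonce)\s*\(", body)),
        }
    return report

def missing_capability(src):
    """Action names whose closure never calls current_user_can()."""
    return sorted(a for a, r in audit(src).items() if not r["capability_check"])

if __name__ == "__main__":
    for action, result in audit(SAMPLE_PHP).items():
        print(action, result)
```

The nonce result is reported separately because a nonce guards against request forgery and does not establish that the caller holds the required capability.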