Lucene search

WpvulndbWPVDB-ID:E6B51318-4F55-4D5A-A26F-1021812813B0

HistoryMay 15, 2024 - 12:00 a.m.

Serial Numbers for WooCommerce – License Manager <= 1.7.3 - Missing Authorization

2024-05-1500:00:00

wpscan.com

wordpress

vulnerable

unauthorized

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.1

Confidence

High

EPSS

Percentile

9.0%

JSON

Description The WC Serial Numbers – Ultimate License Manager for Selling, Licensing & Securely Delivering Digital Content with WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to perform an unauthorized action.

References

www.wordfence.com/threat-intel/vulnerabilities/id/a9c4d444-0f55-44b2-b12e-5abc2a30c3fe

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.1

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for WPVDB-ID:E6B51318-4F55-4D5A-A26F-1021812813B0