Unauthenticated Export Vulnerability in WooCommerce Dynamic Pricing and Discounts Plugin by WordPress
CVE-2021-4353

5.3MEDIUM

Key Information:

Vendor: Wordpress
Status: WooCommerce Dynamic Pricing And Discounts
Vendor: CVE Published:; 20 October 2023

Summary

The WooCommerce Dynamic Pricing and Discounts plugin for WordPress has a security flaw that allows unauthorized users to export settings. This issue arises from a lack of proper authorization in the export() function, exposing sensitive configuration settings of the plugin to unauthenticated attackers. Versions up to and including 2.4.1 are affected, making it crucial for users to update to secure their installations.

Affected Version(s)

WooCommerce Dynamic Pricing and Discounts * < 2.4.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://blog.nintechnet.com/woocommerce-dynamic-pricing-a...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 20, 2023
Vulnerability Reserved
Jun 6, 2023

Credit

Jerome Bruandet