WordPress Advanced Dynamic Pricing for WooCommerce Plugin <= 4.1.5 is vulnerable to Broken Access Control
CVE-2022-40203

6.3MEDIUM

Key Information:

Vendor: WordPress
Status: Advanced Dynamic Pricing For WooCommerce
Vendor: CVE Published:; 17 January 2024

Summary

A missing authorization vulnerability exists in the AlgolPlus Advanced Dynamic Pricing plugin for WooCommerce, allowing unauthorized users to access sensitive areas of the application. This flaw can potentially lead to unauthorized modifications of dynamic pricing configurations, which may compromise the integrity and security of e-commerce operations. It is crucial for users of Advanced Dynamic Pricing for WooCommerce to ensure they are using a secure version and to implement proper access controls to mitigate risks associated with this vulnerability.

Affected Version(s)

Advanced Dynamic Pricing for WooCommerce <= 4.1.5

References

https://patchstack.com/database/vulnerability/advanced-dy...

vdb-entry

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 17, 2024
Vulnerability Reserved
Sep 27, 2022

Credit

István Márton (Patchstack Alliance)