WordPress Brands for WooCommerce plugin <= 3.8.2.2 - Broken Access Control vulnerability
CVE-2023-44149

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Brands For WooCommerce
Vendor: CVE Published:; 13 December 2024

Summary

The missing authorization vulnerability in BeRocket's Brands for WooCommerce plugin allows attackers to exploit incorrectly configured access control security levels. This flaw has been identified in versions of the plugin prior to 3.8.2.2, potentially enabling unauthorized access to sensitive operations and functions. It is crucial for users of this plugin to review their configurations and apply necessary updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

Brands for WooCommerce <= 3.8.2.2

References

https://patchstack.com/database/wordpress/plugin/brands-f...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
Sep 26, 2023

Credit

thiennv (Patchstack Alliance)