WordPress Product Catalog Enquiry for WooCommerce by MultiVendorX plugin <= 5.0.2 - Broken Access Control vulnerability
CVE-2023-50899
5.4MEDIUM
Key Information:
- Vendor
- WordPress
- Vendor
- CVE Published:
- 9 December 2024
Summary
Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.2.
Affected Version(s)
Product Catalog Enquiry for WooCommerce by MultiVendorX <= 5.0.2
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Abdi Pranata (Patchstack Alliance)