Unauthorized Modification of Data in WooCommerce Tools Plugin
CVE-2024-1689
5.3MEDIUM
Key Information
- Vendor
- Themefarmer
- Status
- WooCommerce Tools
- Vendor
- Published:
- 7 June 2024
Summary
The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommerce_tool_toggle_module() function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to deactivate arbitrary plugin modules.
Affected Version(s)
WooCommerce Tools <= 1.2.9
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Timeline
Vulnerability published.
Disclosed
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
Lucio Sá