Data Modification Vulnerability in WooCommerce Add to Cart Custom Redirect Plugin for WordPress
CVE-2024-1862

8.1HIGH

Key Information:

Vendor
Wordpress
Status
WooCommerce Add To Cart Custom Redirect
Vendor
CVE Published:
13 March 2024

Summary

The WooCommerce Add to Cart Custom Redirect plugin for WordPress contains a vulnerability that enables unauthorized modification of site data due to a lack of proper capability checks in the 'wcr_dismiss_admin_notice' function. This vulnerability affects all versions up to and including 1.2.13, allowing authenticated attackers with contributor access or higher to alter arbitrary site option values, causing potential data integrity issues.

Affected Version(s)

WooCommerce Add to Cart Custom Redirect * <= 1.2.13

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/woocommerce-ad...
https://plugins.trac.wordpress.org/changeset?old_path=/wo...

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lucio Sá
.