MultiVendorX Product Catalog Enquiry Vulnerable to Missing Authorization
CVE-2024-25929
9.1CRITICAL
Key Information:
- Vendor
- WordPress
- Vendor
- CVE Published:
- 9 June 2024
Summary
A missing authorization vulnerability exists in the MultiVendorX Product Catalog Enquiry plugin for WooCommerce. This flaw allows unauthorized users to gain access to sensitive information and functionalities that should be restricted. The vulnerability affects all versions from n/a up to and including 5.0.5, enabling potential exploitation without adequate access controls in place. Proper validation of user permissions is crucial to secure the product and protect sensitive data.
Affected Version(s)
Product Catalog Enquiry for WooCommerce by MultiVendorX <= 5.0.5
References
CVSS V3.1
Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Abdi Pranata (Patchstack Alliance)