Missing Authorization Vulnerability Affects WPC Badge Management for WooCommerce
CVE-2024-30537

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: WPc Badge Management For WooCommerce
Vendor: CVE Published:; 9 June 2024

What is CVE-2024-30537?

A missing authorization vulnerability exists in WPC Badge Management for WooCommerce, potentially allowing unauthorized users to access restricted functionalities. This flaw affects multiple versions of the plugin, specifically from n/a up to 2.4.0, and could lead to security implications if exploited by attackers. Proper implementation of access controls is critical to safeguarding against unauthorized actions in a WooCommerce setup.

Affected Version(s)

WPC Badge Management for WooCommerce <= 2.4.0

References

https://patchstack.com/database/vulnerability/wpc-badge-m...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2024
Vulnerability Reserved
Mar 27, 2024

Credit

Abdi Pranata (Patchstack Alliance)

CVE-2024-30537 Data

JSON

WordPress

What is CVE-2024-30537?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit