Missing Authorization vulnerability in Advanced Local Pickup for WooCommerce
CVE-2024-31283

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Advanced Local Pickup For WooCommerce
Vendor: CVE Published:; 9 June 2024

Summary

A missing authorization vulnerability has been identified in the Advanced Local Pickup for WooCommerce plugin by zorem. This vulnerability allows attackers to bypass normal authorization checks, potentially allowing unauthorized access to certain functionalities. The issue affects versions of the plugin from an unspecified version up to 1.6.2, posing risks of unauthorized actions that could compromise the integrity of the application and its data.

Affected Version(s)

Advanced Local Pickup for WooCommerce <= 1.6.2

References

https://patchstack.com/database/vulnerability/advanced-lo...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 9, 2024
Vulnerability Reserved
Mar 29, 2024

Credit

Majed Refaea (Patchstack Alliance)