WordPress EAN for WooCommerce plugin <= 4.8.9 - Arbitrary Option Update to Privilege Escalation vulnerability
CVE-2024-34370
Key Information:
- Vendor
- WordPress
- Status
- Vendor
- CVE Published:
- 17 May 2024
Badges
Summary
An improper privilege management vulnerability exists in the WPFactory EAN for WooCommerce plugin, which can lead to unauthorized privilege escalation. This issue specifically affects versions from n/a through 4.8.9, potentially allowing attackers to gain elevated access rights and perform functions that should be restricted. Users of the affected plugin are advised to apply any available updates or patches to mitigate this risk.
Affected Version(s)
EAN for WooCommerce <= 4.8.9
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
34% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved