WordPress WooCommerce PDF Vouchers plugin < 4.9.5 - Unauthenticated Multiple Vulnerabilities
CVE-2024-39650

7.3HIGH

Key Information:

Vendor
WordPress
Vendor
CVE Published:
1 November 2024

Summary

A vulnerability exists in WPWeb Elite WooCommerce PDF Vouchers that allows attackers to exploit missing authorization controls. This vulnerability enables unauthorized access to functionalities that should be constrained by access control lists (ACLs). The affected versions of the WooCommerce PDF Vouchers plugin, including versions from n/a up to and including 4.9.4, exhibit these security weaknesses. It is crucial for site administrators using this plugin to review their configurations and apply necessary updates to mitigate potential risks associated with unauthorized functionality access.

Affected Version(s)

WooCommerce PDF Vouchers <= 4.9.4

References

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dave Jong (Patchstack)
.