WordPress WooCommerce PDF Vouchers plugin < 4.9.5 - Unauthenticated Multiple Vulnerabilities
CVE-2024-39650

7.3HIGH

Key Information:

Vendor: WordPress
Status: WooCommerce PDF Vouchers
Vendor: CVE Published:; 1 November 2024

What is CVE-2024-39650?

A vulnerability exists in WPWeb Elite WooCommerce PDF Vouchers that allows attackers to exploit missing authorization controls. This vulnerability enables unauthorized access to functionalities that should be constrained by access control lists (ACLs). The affected versions of the WooCommerce PDF Vouchers plugin, including versions from n/a up to and including 4.9.4, exhibit these security weaknesses. It is crucial for site administrators using this plugin to review their configurations and apply necessary updates to mitigate potential risks associated with unauthorized functionality access.

Affected Version(s)

WooCommerce PDF Vouchers <= 4.9.4

References

https://patchstack.com/database/vulnerability/woocommerce...

vdb-entry

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 1, 2024
Vulnerability Reserved
Jun 26, 2024

Credit

Dave Jong (Patchstack)