WordPress WooCommerce PDF Vouchers plugin < 4.9.5 - Unauthenticated Multiple Vulnerabilities
CVE-2024-39650
7.3HIGH
Summary
A vulnerability exists in WPWeb Elite WooCommerce PDF Vouchers that allows attackers to exploit missing authorization controls. This vulnerability enables unauthorized access to functionalities that should be constrained by access control lists (ACLs). The affected versions of the WooCommerce PDF Vouchers plugin, including versions from n/a up to and including 4.9.4, exhibit these security weaknesses. It is crucial for site administrators using this plugin to review their configurations and apply necessary updates to mitigate potential risks associated with unauthorized functionality access.
Affected Version(s)
WooCommerce PDF Vouchers <= 4.9.4
References
CVSS V3.1
Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dave Jong (Patchstack)