Privilege Escalation Vulnerability in WooCommerce PDF Vouchers by wpweb
CVE-2024-54383

Currently unrated

Key Information:

Vendor: wpweb
Vendor: CVE Published:; 18 December 2024

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 13%

Summary

A vulnerability exists in the WooCommerce PDF Vouchers plugin developed by wpweb that enables incorrect privilege assignment, leading to the potential for privilege escalation. This vulnerability can affect users with insufficient permissions, allowing unauthorized access to functionality that should be restricted. The issue impacts all versions of the plugin prior to 4.9.9, highlighting the need for prompt updates to mitigate security risks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-54383
Created by pashayogi

References

https://patchstack.com/database/wordpress/plugin/woocomme...

EPSS Score

13% chance of being exploited in the next 30 days.

Timeline

🟡
Public PoC available
Mar 11, 2025
👾
Exploit known to exist
Mar 11, 2025
Vulnerability published
Dec 18, 2024