Missing Authorization Vulnerability in Smart Shopify Product
CVE-2024-56031

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Smart Shopify Product
Vendor: CVE Published:; 31 December 2024

Summary

A vulnerability exists in the Smart Shopify Product that stems from missing authorization controls, allowing attackers to exploit incorrectly configured access levels. This issue can lead to unauthorized access and manipulation of product settings, undermining the confidentiality and integrity of user data. Users of the affected versions should prioritize immediate updates and review of their security configurations to mitigate any potential risks.

Affected Version(s)

Smart Shopify Product <= 1.0.2

References

https://patchstack.com/database/wordpress/plugin/smart-sh...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 31, 2024
Vulnerability Reserved
Dec 14, 2024

Credit

Mika (Patchstack Alliance)