Vulnerability Details CVE-2024-0683
The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in all versions up to, and including, 3.0.14. This makes it possible for unauthenticated and authenticated attackers, with subscriber-level access and above, to generate and delete labels.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.249
EPSS Ranking 96.0%
CVSS Severity
CVSS v3 Score 7.3
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034198%40bulgarisation-for-woocommerce&new=3034198%40bulgarisation-for-woocommerce&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/be759c83-a9df-4858-a724-28006a595404?source=cve
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034198%40bulgarisation-for-woocommerce&new=3034198%40bulgarisation-for-woocommerce&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/be759c83-a9df-4858-a724-28006a595404?source=cve
Products affected by CVE-2024-0683
-
cpe:2.3:a:autopolis:bulgarisation_for_woocommerce:-
-
cpe:2.3:a:autopolis:bulgarisation_for_woocommerce:3.0.14