CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-10854

The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buy_one_click_import_options AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import plugin settings.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.6%

CVSS Severity

CVSS v3 Score 4.3

References

https://wordpress.org/plugins/buy-one-click-woocommerce/
https://www.wordfence.com/threat-intel/vulnerabilities/id/b3d9b755-1e6e-44ac-989a-201237f6dc9f?source=cve

Products affected by CVE-2024-10854

Zixn » Buy One Click Woocommerce » Version: Any

cpe:2.3:a:zixn:buy_one_click_woocommerce:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-10854

Products

Pricing

Contact Us