CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-13553

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the plugin using the Host header to determine if the plugin is in a playground environment. This makes it possible for unauthenticated attackers to spoof the Host header to make the OTP code "1234" and authenticate as any user, including administrators.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.7%

CVSS Severity

CVSS v3 Score 9.8

References

Products affected by CVE-2024-13553

Cozyvision » Sms Alert Order Notifications » Version: 3.3.8

cpe:2.3:a:cozyvision:sms_alert_order_notifications:3.3.8
Cozyvision » Sms Alert Order Notifications » Version: 3.3.9

cpe:2.3:a:cozyvision:sms_alert_order_notifications:3.3.9
Cozyvision » Sms Alert Order Notifications » Version: 3.4.0

cpe:2.3:a:cozyvision:sms_alert_order_notifications:3.4.0
Cozyvision » Sms Alert Order Notifications » Version: 3.4.1

cpe:2.3:a:cozyvision:sms_alert_order_notifications:3.4.1
Cozyvision » Sms Alert Order Notifications » Version: 3.4.2

cpe:2.3:a:cozyvision:sms_alert_order_notifications:3.4.2
Cozyvision » Sms Alert Order Notifications » Version: 3.4.4

cpe:2.3:a:cozyvision:sms_alert_order_notifications:3.4.4
Cozyvision » Sms Alert Order Notifications » Version: 3.4.5

cpe:2.3:a:cozyvision:sms_alert_order_notifications:3.4.5
Cozyvision » Sms Alert Order Notifications » Version: 3.4.6

cpe:2.3:a:cozyvision:sms_alert_order_notifications:3.4.6
Cozyvision » Sms Alert Order Notifications » Version: 3.4.7

cpe:2.3:a:cozyvision:sms_alert_order_notifications:3.4.7
Cozyvision » Sms Alert Order Notifications » Version: 3.4.8

cpe:2.3:a:cozyvision:sms_alert_order_notifications:3.4.8
Cozyvision » Sms Alert Order Notifications » Version: 3.6.9

cpe:2.3:a:cozyvision:sms_alert_order_notifications:3.6.9
Cozyvision » Sms Alert Order Notifications » Version: 3.7.0

cpe:2.3:a:cozyvision:sms_alert_order_notifications:3.7.0
Cozyvision » Sms Alert Order Notifications » Version: 3.7.1

cpe:2.3:a:cozyvision:sms_alert_order_notifications:3.7.1
Cozyvision » Sms Alert Order Notifications » Version: 3.7.2

cpe:2.3:a:cozyvision:sms_alert_order_notifications:3.7.2
Cozyvision » Sms Alert Order Notifications » Version: 3.7.3

cpe:2.3:a:cozyvision:sms_alert_order_notifications:3.7.3
Cozyvision » Sms Alert Order Notifications » Version: 3.7.4

cpe:2.3:a:cozyvision:sms_alert_order_notifications:3.7.4
Cozyvision » Sms Alert Order Notifications » Version: 3.7.5

cpe:2.3:a:cozyvision:sms_alert_order_notifications:3.7.5
Cozyvision » Sms Alert Order Notifications » Version: 3.7.6

cpe:2.3:a:cozyvision:sms_alert_order_notifications:3.7.6
Cozyvision » Sms Alert Order Notifications » Version: 3.7.7

cpe:2.3:a:cozyvision:sms_alert_order_notifications:3.7.7
Cozyvision » Sms Alert Order Notifications » Version: 3.7.8

cpe:2.3:a:cozyvision:sms_alert_order_notifications:3.7.8
Cozyvision » Sms Alert Order Notifications » Version: 3.7.9

cpe:2.3:a:cozyvision:sms_alert_order_notifications:3.7.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-13553

Products

Pricing

Contact Us