Vulnerability Details CVE-2024-13652
The ECPay Ecommerce for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'clear_ecpay_debug_log' AJAX action in all versions up to, and including, 1.1.2411060. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's log files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.9%
CVSS Severity
CVSS v3 Score 4.3
References
Products affected by CVE-2024-13652
-
cpe:2.3:a:ecpay:ecpay_ecommerce_for_woocommerce:-
-
cpe:2.3:a:ecpay:ecpay_ecommerce_for_woocommerce:1.0.22007080
-
cpe:2.3:a:ecpay:ecpay_ecommerce_for_woocommerce:1.0.221123
-
cpe:2.3:a:ecpay:ecpay_ecommerce_for_woocommerce:1.0.2304120
-
cpe:2.3:a:ecpay:ecpay_ecommerce_for_woocommerce:1.0.2305230
-
cpe:2.3:a:ecpay:ecpay_ecommerce_for_woocommerce:1.0.2306280
-
cpe:2.3:a:ecpay:ecpay_ecommerce_for_woocommerce:1.0.2308160
-
cpe:2.3:a:ecpay:ecpay_ecommerce_for_woocommerce:1.0.2309210
-
cpe:2.3:a:ecpay:ecpay_ecommerce_for_woocommerce:1.0.2310050
-
cpe:2.3:a:ecpay:ecpay_ecommerce_for_woocommerce:1.1.2311240
-
cpe:2.3:a:ecpay:ecpay_ecommerce_for_woocommerce:1.1.2312190
-
cpe:2.3:a:ecpay:ecpay_ecommerce_for_woocommerce:1.1.2403150
-
cpe:2.3:a:ecpay:ecpay_ecommerce_for_woocommerce:1.1.2406060
-
cpe:2.3:a:ecpay:ecpay_ecommerce_for_woocommerce:1.1.2406190
-
cpe:2.3:a:ecpay:ecpay_ecommerce_for_woocommerce:1.1.2407100
-
cpe:2.3:a:ecpay:ecpay_ecommerce_for_woocommerce:1.1.2409250
-
cpe:2.3:a:ecpay:ecpay_ecommerce_for_woocommerce:1.1.2409260
-
cpe:2.3:a:ecpay:ecpay_ecommerce_for_woocommerce:1.1.2409301
-
cpe:2.3:a:ecpay:ecpay_ecommerce_for_woocommerce:1.1.2411060