The WC Price History for Omnibus plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and modify history data.
Metrics
Affected Vendors & Products
References
History
Tue, 24 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 24 Dec 2024 04:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The WC Price History for Omnibus plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and modify history data. | |
Title | WC Price History for Omnibus <= 2.1.3 - Missing Authorization | |
Weaknesses | CWE-862 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-24T04:22:45.832Z
Updated: 2024-12-24T16:55:16.450Z
Reserved: 2024-12-13T14:27:54.487Z
Link: CVE-2024-12617
Vulnrichment
Updated: 2024-12-24T16:55:03.176Z
NVD
Status : Received
Published: 2024-12-24T05:15:07.013
Modified: 2024-12-24T05:15:07.013
Link: CVE-2024-12617
Redhat
No data.