[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

251139

 
 

909

 
 

196159

 
 

282

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2024-3216Date: (C)2024-04-08   (M)2024-05-20


The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wt_pklist_reset_settings() function in all versions up to, and including, 4.4.2. This makes it possible for unauthenticated attackers to reset all of the plugin's settings.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 5.3CVSS Score :
Exploit Score: Exploit Score:
Impact Score: Impact Score:
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector:
Attack Complexity: Access Complexity:
Privileges Required: Authentication:
User Interaction: Confidentiality:
Scope: Integrity:
Confidentiality: Availability:
Integrity:  
Availability:  
  
Reference:
https://plugins.trac.wordpress.org/browser/print-invoices-packing-slip-labels-for-woocommerce/trunk/admin/class-wf-woocommerce-packing-list-admin.php#L4262
https://www.wordfence.com/threat-intel/vulnerabilities/id/aeac9c4a-0754-4fb1-bf11-0cd8483451b6?source=cve

© SecPod Technologies