Description
WordPress Plugin Live Product Editor for WooCommerce is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently take over the website and its database. WordPress Plugin Live Product Editor for WooCommerce version 4.6.2 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 4.7.0 or latest
References
https://blog.nintechnet.com/16-woocommerce-product-add-ons-plugins-fixed-vulnerabilities/
https://xforwoocommerce.com/blog/change-log/xforwoocommerce-1-7-0/
Related Vulnerabilities
SharePoint CVE-2023-33142 Vulnerability (CVE-2023-33142)
WordPress Plugin Contact Form Manager Multiple Cross-Site Scripting Vulnerabilities (1.4.1)
WordPress Plugin NextGEN Gallery-WordPress Gallery 'swfupload.swf' Cross-Site Scripting (1.9.7)
WebLogic CVE-2020-2801 Vulnerability (CVE-2020-2801)
WordPress Plugin WPS Limit Login Multiple Vulnerabilities (1.4.5)