Description

WordPress Plugin WooCommerce is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently display any article title of any kind and status. WordPress Plugin WooCommerce version 2.1.7 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.1.8 or latest

References

http://blog.secupress.fr/vulnerabilite-woocommerce-2-1-6-201.html

Related Vulnerabilities

Oracle JRE CVE-2013-5843 Vulnerability (CVE-2013-5843)

Oracle JRE CVE-2019-2958 Vulnerability (CVE-2019-2958)

Oracle JRE CVE-2011-3544 Vulnerability (CVE-2011-3544)

WordPress Plugin Captcha by BestWebSoft Cross-Site Scripting (4.2.9)

Oracle Database Server CVE-2016-0472 Vulnerability (CVE-2016-0472)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass