Description

WordPress Plugin WooCommerce is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently display any article title of any kind and status. WordPress Plugin WooCommerce version 2.1.7 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.1.8 or latest

References

http://blog.secupress.fr/vulnerabilite-woocommerce-2-1-6-201.html

Related Vulnerabilities

WordPress Plugin SP Project & Document Manager Unspecified Vulnerability (2.6.2.5)

PHP CVE-2009-3293 Vulnerability (CVE-2009-3293)

TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5745)

WordPress Plugin Advanced Classifieds & Directory Pro Cross-Site Scripting (1.7.5)

WordPress Plugin Like Button Rating-LikeBtn Security Bypass (2.5.3)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass