CVE-2024-9927 – The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation …

23 October 2024

Vuln ID: CVE-2024-9927

Published: 2024-10-23 02:15:07.467

Description: The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of allow_payment_without_login function. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to log in to WordPress as an arbitrary user account, including administrators.

Base Score: 7.2 – HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Source: NVD.NIST.GOV

Date:

23 October 2024

Categorie(s):

NVD

Tag(s):

NVD

Attackers Use Encoded JavaScript to Deliver Malware23 October 2024
6 facts for CentOS users who are holding on23 October 2024
CISOs respond: 49% of CISOs plan to leave role without industry action23 October 2024
Internet Archive Secures Zendesk Account, Works Toward Full-Service Restoration23 October 2024
Ghosts in the Machines: NHIs spread terror this Halloween 23 October 2024