← voltar
CVE-2024-1310

WooCommerce < 8.6 - Contributor+ Private/Draft Products Access

CVSS 4.9 MEDIUMEPSS 0.7%
The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. (e.g. private, draft and trashed products)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
Unknown · WooCommerce

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://wpscan.com/vulnerability/a7735feb-876e-461c-9a56-ea6067faf277/