CVE-2021-4444

The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as creating new filters and injecting malicious javascript into a vulnerable site. This was actively exploited at the time of discovery.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2527958%40woo-product-filter&new=2527958%40woo-product-filter&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/30b6b0bf-e632-4e83-89ee-a424382534da?source=cve

Configurations

No configuration.

History

16 Oct 2024, 16:38

Type	Values Removed	Values Added
Summary		(es) El complemento Product Filter de WooBeWoo para WordPress es vulnerable a la omisión de autorización en versiones hasta la 1.4.9 incluida, debido a la falta de comprobaciones de autorización en varias funciones. Esto hace posible que atacantes no autenticados realicen acciones no autorizadas, como crear nuevos filtros e inyectar JavaScript malicioso en un sitio vulnerable. Esto se explotó activamente en el momento del descubrimiento.

16 Oct 2024, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-16 07:15

Updated : 2024-10-16 16:38

NVD link : CVE-2021-4444

Mitre link : CVE-2021-4444

CVE.ORG link : CVE-2021-4444

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

7.3 /10