The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request, or is from a high privilege users, allowing any authenticated users, such as subscriber to add/update/duplicate/delete as well as retrieve addresses of other users.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/e39c0171-ed4a-4143-9a31-c407e3555eec | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 04:01
Type | Values Removed | Values Added |
---|---|---|
CWE |
Information
Published : 2023-03-20 16:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-0865
Mitre link : CVE-2023-0865
CVE.ORG link : CVE-2023-0865
JSON object : View
Products Affected
woocommerce_multiple_customer_addresses_\&_shipping_project
- woocommerce_multiple_customer_addresses_\&_shipping
CWE
No CWE.