WordPress Plugin Vulnerabilities

Flexible Woocommerce Checkout Field Editor <= 2.0.1 - Missing Authorization

Description

The Flexible Woocommerce Checkout Field Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function function in versions up to, and including, 2.0.1. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
flexible-woocommerce-checkout-field-editor
No known fix

References

CVE
CVE-2023-49817
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/5947f7cb-de84-4a62-bef7-cbeb1f20bb72

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
0aba1191-d903-4fd5-bf35-4d4692818cfc

Timeline

Publicly Published
2023-12-05 (about 2 years ago)
Added
2023-12-09 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2025-03-25
Title
BWL Advanced FAQ Manager < 2.1.5 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update
Published
2023-11-23
Title
TextMe SMS < 1.9.1 - Subscriber+ Settings Update
Published
2025-10-16
Title
SmartCrawl < 3.14.4 - Missing Authorization
Published
2025-01-23
Title
Jobify - Job Board WordPress Theme < 4.2.8 - Missing Authorization to Unauthenticated Server-Side Request Forgery, Arbitrary Image Upload, and Image Generation
Published
2025-11-14
Title
All in One SEO < 4.9.0 - Contributor+ Arbitrary Media Deletion