WordPress Plugin Vulnerabilities

AutomateWoo < 5.7.6 - Missing Authorization

Description

The plugin is vulnerable to unauthorized functionality access due to a missing capability check on one of its functions in versions up to, and including, 5.7.5. This makes it possible for unauthenticated attackers to invoke this function intended for users with higher privileges.

Affects Plugins

Plugin icon
automatewoo
Fixed in 5.7.6

References

CVE
CVE-2023-36512

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
12b06c01-38c2-41b0-9afe-a3f419fe1ef6

Timeline

Publicly Published
2023-06-26 (about 2 years ago)
Added
2023-11-10 (about 2 years ago)
Last Updated
2023-11-10 (about 2 years ago)

Other

Published
Title
Published
2025-10-06
Title
IDonate < 2.1.13 - Unauthenticated User Deletion
Published
2025-06-05
Title
Interactive Regional Map of Florida <= 1.0 - Missing Authorization
Published
2023-10-12
Title
Nexter < 2.0.4 - Missing Authorization
Published
2025-01-06
Title
ClickDesigns < 2.0.0 - Missing Authorization to API Key Modification or Removal
Published
2025-06-18
Title
Breeze < 2.2.14 - Missing Authorization