WordPress Plugin Vulnerabilities

Brands for WooCommerce < 3.8.2.3 - Missing Authorization to Unauthenticated Order Manipulation and Information Retrieval

Description

The Brands for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 3.8.2.2. This is due to missing capability checks on the clear_cache_ajax, save_order, br_get_products, br_get_brands, and save_all_orders functions hooked via AJAX nopriv actions. This makes it possible for unauthenticated attackers to modify orders and clear the plugin's cache. Please note that while the plugin author only added nonces to the functions, and not capability checks, the nonces are not disclosed to unauthorized users making this issue patched, though not perfectly.

Affects Plugins

Plugin icon
brands-for-woocommerce
Fixed in 3.8.2.3

References

CVE
CVE-2023-44149
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/f7afbe2b-72a8-40da-bc94-ff2a1b9569b4

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
183ead30-a6d8-4582-97ce-446709c7184c

Timeline

Publicly Published
2023-09-22 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2023-12-21 (about 2 years ago)

Other

Published
Title
Published
2024-07-08
Title
Advanced AJAX Page Loader <= 2.7.7 - Cross-Site Request Forgery to Arbitrary File Upload
Published
2025-04-09
Title
Seo Meta Tags <= 1.4 - Cross-Site Request Forgery to Privilege Escalation
Published
2022-07-04
Title
Name Directory < 1.25.4 - Arbitrary Directory/Name Deletion via CSRF
Published
2025-03-31
Title
Simple Contact Forms <= 1.6.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2021-08-09
Title
Keywords & Meta <= 3.0 - CSRF to Stored Cross-Site Scripting (XSS)