WordPress Plugin Vulnerabilities

Bulgarisation for WooCommerce < 3.0.15 - Missing Authorization

Description

The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in all versions up to, and including, 3.0.14. This makes it possible for unauthenticated and authenticated attackers, with subscriber-level access and above, to generate and delete labels.

Affects Plugins

Plugin icon
bulgarisation-for-woocommerce
Fixed in 3.0.15

References

CVE
CVE-2024-0683
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/be759c83-a9df-4858-a724-28006a595404

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
7.3 (high)

Miscellaneous

Original Researcher
Francesco Carlucci
Verified
No
WPVDB ID
1d01f864-3222-43af-ad9e-6fca56f56ac2

Timeline

Publicly Published
2024-03-12 (about 2 years ago)
Added
2024-03-12 (about 2 years ago)
Last Updated
2024-03-12 (about 2 years ago)

Other

Published
Title
Published
2025-04-01
Title
Printus < 1.2.7 - Missing Authorization
Published
2025-03-27
Title
Our Team Members < 2.3 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure
Published
2025-04-04
Title
SurveyJS < 1.12.57 - Missing Authorization
Published
2025-01-27
Title
Better Find and Replace < 1.6.8 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
Published
2024-04-18
Title
Poll Maker – Best WordPress Poll Plugin < 5.1.9 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting