WordPress Plugin Vulnerabilities

CoCart – Headless ecommerce < 3.12.0 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access of data, modification of data, or loss of data due to a missing capability check on an unknown function, allowing unauthenticated attackers to make unauthorized use of the unprotected function.

Affects Plugins

Plugin icon
cart-rest-api-for-woocommerce
Fixed in 3.12.0

References

CVE
CVE-2023-47241
URL
https://patchstack.com/database/vulnerability/cart-rest-api-for-woocommerce/wordpress-cocart-headless-ecommerce-plugin-3-9-0-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
1f11ea7e-59e1-44b3-a57e-cf361e1c54a8

Timeline

Publicly Published
2023-11-07 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2024-03-21 (about 2 years ago)

Other

Published
Title
Published
2024-12-02
Title
ARForms <= 6.4.1 - Missing Authorization to Plugin Settings Change
Published
2025-12-31
Title
Flowbox <= 1.1.5 - Missing Authorization
Published
2025-12-08
Title
Eupago Gateway For Woocommerce <= 4.7.1 - Missing Authorization
Published
2026-01-06
Title
Easy Form Builder < 4.0.0 - Missing Authorization
Published
2025-12-15
Title
TrueBooker < 1.1.1 - Missing Authorization