WordPress Plugin Vulnerabilities

Premmerce Product Filter for WooCommerce < 3.7.3 - Missing Authorization

Description

The Premmerce Product Filter for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 3.7.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
premmerce-woocommerce-product-filter
Fixed in 3.7.3

References

CVE
CVE-2024-31359
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/f9be7798-31ac-4692-a6ac-ae7f129bcd6d

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Dhabaleshwar Das
Verified
No
WPVDB ID
3123df9b-af31-43b7-bea0-2562367e9840

Timeline

Publicly Published
2024-04-08 (about 2 years ago)
Added
2024-04-16 (about 2 years ago)
Last Updated
2024-04-16 (about 2 years ago)

Other

Published
Title
Published
2025-11-17
Title
wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions | for WooCommerce < 1.3 - Missing Authorization to Sensitive Information Disclosure
Published
2026-03-23
Title
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment < 2.6.1 - Missing Authorization
Published
2025-09-26
Title
HivePress Claim Listings < 1.1.4 - Missing Authorization
Published
2025-02-03
Title
Embed RSS <= 3.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
Published
2023-01-10
Title
Royal Elementor Addons < 1.3.60 - Subscriber+ Arbitrary Import Deletion