WordPress Plugin Vulnerabilities

WooCommerce Google Sheet Connector < 1.3.12 - Missing Authorization

Description

The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the execute_post_data function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin settings.

Affects Plugins

Plugin icon
wc-gsheetconnector
Fixed in 1.3.12

References

CVE
CVE-2024-1562
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/e36df7b7-fcbc-4e5d-812c-861bfe8abb55

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Francesco Carlucci
Verified
No
WPVDB ID
4c0c939f-b7a4-431c-8c16-ea5563af004a

Timeline

Publicly Published
2024-02-20 (about 2 years ago)
Added
2024-02-20 (about 2 years ago)
Last Updated
2024-02-20 (about 2 years ago)

Other

Published
Title
Published
2025-12-08
Title
Email Capture < 3.12.5 - Missing Authorization
Published
2025-01-16
Title
Copy Move Posts <= 1.6 - Missing Authorization
Published
2026-02-18
Title
Book Landing Page < 1.2.8 - Missing Authorization
Published
2025-03-03
Title
Animation Addons for Elementor Pro < 1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation
Published
2025-12-11
Title
Coupons and Deals < 3.2.5 - Missing Authorization