WordPress Plugin Vulnerabilities

WooCommerce Subscriptions < 5.8.0 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access of data or modification of data due to a missing capability check on an unknown low-severity function, making it possible for authenticated attackers, with contributor-level access and above, to make use of that function.

Affects Plugins

Plugin icon
woocommerce-subscriptions
Fixed in 5.8.0

References

CVE
CVE-2023-50850
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/c01e3a86-8a2a-4200-b328-fb71afb2b196

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
54809b80-2598-4da6-839a-f814fe48ffde

Timeline

Publicly Published
2024-01-17 (about 2 years ago)
Added
2024-01-24 (about 2 years ago)
Last Updated
2024-01-24 (about 2 years ago)

Other

Published
Title
Published
2026-01-22
Title
ElementCamp < 2.3.6 - Missing Authorization
Published
2025-10-09
Title
Media Library Assistant < 3.30 - Missing Authorization
Published
2025-05-16
Title
Eventer <= 3.9.6 - Missing Authorization
Published
2025-06-23
Title
Abandoned Contact Form 7 <= 2.0 - Missing Authorization
Published
2026-01-22
Title
Lawyer Directory < 1.3.4 - Missing Authorization