WordPress Plugin Vulnerabilities

Simple Registration for WooCommerce < 1.5.7 - Unauthenticated Privilege Escalation

Description

The plugin is vulnerable to privilege escalation, allowing unauthenticated users to elevate their privileges to that of an administrator.

Affects Plugins

Plugin icon
woocommerce-simple-registration
Fixed in 1.5.7

References

CVE
CVE-2024-32511
URL
https://patchstack.com/database/wordpress/plugin/woocommerce-simple-registration/vulnerability/wordpress-simple-registration-for-woocommerce-plugin-1-5-6-unauthenticated-privilege-escalation-vulnerability

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Ngô Thiên An (ancorn_)
Verified
No
WPVDB ID
7a298a4c-4220-4dda-8419-0d36130c33ed

Timeline

Publicly Published
2024-04-15 (about 1 year ago)
Added
2024-04-25 (about 1 year ago)
Last Updated
2025-02-06 (about 1 year ago)

Other

Published
Title
Published
2021-12-23
Title
Protect WP Admin < 3.6.2 - Unauthenticated Plugin Deactivation
Published
2021-11-03
Title
Event Manager for WooCommerce < 3.5.3 - Unauthenticated Arbitrary Elementor Template Import
Published
2024-05-20
Title
Debug Log – Manger Tool < 1.5 - Unauthenticated Information Exposure via Logs
Published
2024-04-19
Title
VikBooking < 1.6.8 - Broken Access Control
Published
2021-08-26
Title
Woffice < 4.0.2 - Unauthenticated Disclosure of Notification Titles