WordPress Plugin Vulnerabilities

WooCommerce Dynamic Pricing & Discounts < 2.4.2 - Unauthenticated Settings Export

Description

The plugin does not have authorisation check on its export feature, allowing unauthenticated users to export them.

Proof of Concept

Affects Plugins

Plugin icon
wc-dynamic-pricing-and-discounts
Fixed in 2.4.2

References

URL
https://blog.nintechnet.com/woocommerce-dynamic-pricing-and-discounts-plugin-fixed-multiple-vulnerabilities/

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Jerome Bruandet (nintechnet)
Verified
No
WPVDB ID
b3d88600-4925-4217-9f4d-90b699b3710c

Timeline

Publicly Published
2021-08-31 (about 4 years ago)
Added
2021-08-31 (about 4 years ago)
Last Updated
2023-01-28 (about 3 years ago)

Other

Published
Title
Published
2024-02-27
Title
Under Construction / Maintenance Mode from Acurax <= 2.6 - Information Exposure
Published
2023-06-02
Title
VK Blocks < 1.58.0.0 - Contributor+ Settings Update via REST API
Published
2021-11-15
Title
Page/Post Content Shortcode <= 1.0 - Contributor+ Arbitrary Posts/Pages Access
Published
2021-07-02
Title
Workreap < 2.2.2 - Missing Authorization Checks in Ajax Actions
Published
2021-08-17
Title
PostX Gutenberg Blocks for Post Grid < 2.4.10 - Missing Access Controls