Japanized For WooCommerce < 2.6.5 – Missing Authorization | CVE 2023-47698 | Plugin Vulnerabilities

Description

The Japanized For WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification due to missing capability checks on several functions called via REST API function in versions up to, and including, 2.6.4. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as updating the plugin's settings and retrieving information about settings.

Affects Plugins

woocommerce-for-japan

Fixed in 2.6.5

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/0fc675e8-8ba1-40b0-829e-7a48d5eb586d

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Mika

Verified

No

WPVDB ID

c83a1812-9554-4154-a9e9-e854dd6dc61c

Timeline

Publicly Published

2023-11-09 (about 2 years ago)

Added

2023-11-23 (about 2 years ago)

Last Updated

2024-01-22 (about 2 years ago)

Other

Published

Title

Published

2026-03-20

Title

Membership Plugin – Restrict Content < 3.2.23 - Missing Authorization

Published

2025-12-30

Title

SiteLock Security < 5.0.2 - Missing Authorization

Published

2025-12-05

Title

Thank You Page Customizer for WooCommerce < 1.1.9 - Missing Authorization

Published

2026-01-13

Title

Responsive Accordion Slider <= 1.2.2 - Missing Authorization to Authenticated (Contributor+) Slider Update via 'resp_accordion_silder_save_images'

Published

2026-04-15

Title

Accept Cryptocurrencies with Plisio <= 2.0.6 - Missing Authorization