WordPress Plugin Vulnerabilities

WholesaleX < 1.3.3 - Unauthenticated Privilege Escalation

Description

The WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated attackers to escalate their privileges.

Affects Plugins

Plugin icon
wholesalex
Fixed in 1.3.3

References

CVE
CVE-2024-30542
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/0cf7ec81-625b-4abf-9304-256701e933ee

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
fcf5d70d-d3fa-4bd7-a5c9-6359f6293bb3

Timeline

Publicly Published
2024-03-29 (about 2 years ago)
Added
2024-04-04 (about 2 years ago)
Last Updated
2024-04-04 (about 2 years ago)

Other

Published
Title
Published
2025-04-23
Title
Buddypress Force Password Change <= 0.1 - Subscriber+ Account Takeover via Password Update
Published
2024-10-09
Title
UserPlus <= 2.0 - Unauthenticated Privilege Escalation
Published
2025-04-08
Title
WP User Profiles <= 2.6.2 - Authenticated (Subscriber+) Privilege Escalation
Published
2024-09-05
Title
Newsletters < 4.9.9.3 - Authenticated Privilege Escalation
Published
2025-04-23
Title
Frontend Login and Registration Blocks < 1.0.9 - Subscriber+ Privilege Escalation via Password Reset