- Description
- The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attackers to create new pages, modify plugin settings, and perform limited options updates.
- Source
- security@wordfence.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity
- HIGH
- security@wordfence.com
- CWE-862
- Hype score
- Not currently trending
CVE-2024-10567 (CVSS:7.5, HIGH) is Awaiting Analysis. The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing cap..https://t.co/HCFUwBBZtd #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
9 Dec 2024
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10567 The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all … https://t.co/B9drD4RC7I
@CVEnew
4 Dec 2024
369 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A CVE of mine CVE-2024-10567 (CVSS:3.1 7.5 High) has been released today. You can read more about it at the link below https://t.co/6MfrESGNXx . I would be making a full disclosure exclusively on my blog https://t.co/QFO2zb99gt, next year in a larger series.
@theabrahack
3 Dec 2024
2348 Impressions
5 Retweets
25 Likes
4 Bookmarks
1 Reply
0 Quotes