- Description: The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. This is due to insufficient validation on the 'logged_in_user_id' value when option values are empty and the ability for attackers to change the email of arbitrary user accounts. This makes it possible for unauthenticated attackers to change the email of arbitrary user accounts, including administrators, and reset their password to gain access to the account.
- Source: security@wordfence.com
- NVD status: Received
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- security@wordfence.com: CWE-862
- Hype score: Not currently trending
CVE-2024-11281 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and incl..https://t.co/zFFi1GSp1O #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
30 Dec 2024
CVE Alert: CVE-2024-11281 - https://t.co/fDplHNyCKh #OSINT #ThreatIntel #CyberSecurity #cve_2024_11281
@RedPacketSec
26 Dec 2024
CVE-2024-11281 Privilege Escalation Vulnerability in WooCommerce Point o... https://t.co/mnt8995A1r Don't wait vulnerability scanning results: https://t.co/oh1APvMMnd
@VulmonFeeds
25 Dec 2024
[CVE-2024-11281: CRITICAL] Warning: WooCommerce Point of Sale plugin for WordPress up to version 6.1.0 is at risk! Privilege escalation vulnerability allows attackers to change emails of any user accounts. Update...#cybersecurity,#vulnerability https://t.co/MjNyEJ6uHE https://t.c
@CveFindCom
25 Dec 2024
CVE-2024-11281 The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. This is due to insufficient vali… https://t.co/0amaluaUDH
@CVEnew
25 Dec 2024