First published: Sat Jan 25 2025
The GoHero Store Customizer for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wooh_action_settings_save_frontend() function in all versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to update limited plugin settings.
Credit: security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
GoHero Store Customizer for WooCommerce | <=3.5 | |
CVE-2024-12826 is classified as a high severity vulnerability due to the potential for unauthorized data modification.
To fix CVE-2024-12826, update the GoHero Store Customizer for WooCommerce plugin to version 3.5 or later.
The impact of CVE-2024-12826 includes unauthorized modification of settings, which can affect the functionality and security of the affected WordPress site.
All versions of the GoHero Store Customizer for WooCommerce up to and including version 3.5 are affected by CVE-2024-12826.
CVE-2024-12826 can be exploited without user authentication due to the missing capability check.
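
For plugin developers reviewing their own handlers, here is the class of bug described above (a settings-save handler with no capability check) beside a hardened form. This is an added example, not the plugin's code: the function names, option name, nonce action, field keys and hook are all hypothetical, and only standard WordPress APIs are used.

```php
<?php
// Added illustration, NOT the plugin's source. Only the role of the handler
// (a front-end settings save) comes from the advisory; the function names,
// option name, nonce action, field keys and hook below are hypothetical.

// Pattern the advisory describes: the handler runs for any visitor and
// writes options without asking who is making the request.
function example_settings_save_unchecked() {
    if ( isset( $_POST['example_settings'] ) ) {
        update_option( 'example_settings', $_POST['example_settings'] );
    }
}

// Hardened form: authorize, verify intent, then allowlist and sanitize.
function example_settings_save_checked() {
    if ( ! isset( $_POST['example_settings'] ) ) {
        return;
    }
    // 1. Capability check: only users who may manage site options proceed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // 2. Nonce check: the request came from the settings form (anti-CSRF).
    //    check_admin_referer() terminates the request if the nonce is invalid.
    check_admin_referer( 'example_settings_save', 'example_nonce' );

    // 3. Accept only known keys and sanitize each value before storing.
    $allowed = array( 'banner_text', 'button_label' );
    $raw     = wp_unslash( $_POST['example_settings'] );
    $clean   = array();
    if ( is_array( $raw ) ) {
        foreach ( $allowed as $key ) {
            if ( isset( $raw[ $key ] ) && is_string( $raw[ $key ] ) ) {
                $clean[ $key ] = sanitize_text_field( $raw[ $key ] );
            }
        }
    }
    update_option( 'example_settings', $clean );
}

// 'init' fires on every request, including unauthenticated ones, so the
// hook gives no protection: the checks must live inside the handler.
add_action( 'init', 'example_settings_save_checked' );
```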