CVE-2024-1310: WooCommerce < 8.6 - Contributor+ Private/Draft Products Access
First published: Mon Apr 15 2024(Updated: )
The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. (e.g. private, draft and trashed products)
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Automattic WooCommerce Square | <8.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-1310?
CVE-2024-1310 has been classified as a medium severity vulnerability.
How do I fix CVE-2024-1310?
To fix CVE-2024-1310, upgrade the WooCommerce plugin to version 8.6 or later.
What types of products can be leaked due to CVE-2024-1310?
Due to CVE-2024-1310, users may leak access to private, draft, and trashed products.
Which user roles are affected by CVE-2024-1310?
CVE-2024-1310 affects users with at least the contributor role in WooCommerce.
What versions of WooCommerce are affected by CVE-2024-1310?
CVE-2024-1310 affects WooCommerce versions prior to 8.6.
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/automattic
- canonical/automattic woocommerce square