CVE-2024-1492
First published: Tue Feb 20 2024(Updated: )
The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybe_send_to_packeta function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for orders as long as the order number is known.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wpify Woo Czech Wordpress | <=4.0.8 | |
| WordPress | <4.0.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-1492?
CVE-2024-1492 has a high severity rating due to the potential for unauthorized access to sensitive shipping details.
How do I fix CVE-2024-1492?
To fix CVE-2024-1492, you should update the WPify Woo Czech plugin to version 4.0.9 or later.
Who is affected by CVE-2024-1492?
All users of the WPify Woo Czech plugin for WordPress up to and including version 4.0.8 are affected by CVE-2024-1492.
What kind of data can be accessed due to CVE-2024-1492?
CVE-2024-1492 allows unauthenticated attackers to access sensitive shipping details for orders.
Is authentication required to exploit CVE-2024-1492?
No, authentication is not required to exploit CVE-2024-1492, making it particularly risky.
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/event
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/wpify
- canonical/wpify woo czech wordpress
- canonical/wordpress