CVE-2023-36506

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Dec 13, 2024
CWE ID 862

Summary

CVE-2023-36506 is a newly disclosed vulnerability affecting the YITH WooCommerce Waiting List plugin. This missing authorization issue enables unauthorized access to functionality, allowing attackers to exploit incorrectly configured access control security levels. Affecting versions from n/a to 2.13.0, this vulnerability poses a significant risk to WordPress websites using the YITH WooCommerce Waiting List plugin. Successful exploitation could result in unintended modifications or unauthorized actions. Users are urged to update to the latest plugin version or contact their WordPress security provider to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share