CVE-2023-37971
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2023-37971 is a Missing Authorization vulnerability affecting the MultiVendorX WooCommerce Product Stock Alert plugin. The issue stems from incorrectly configured access control security levels, enabling unauthorized users to exploit this vulnerability. This vulnerability was identified in versions from n/a through 2.0.1 of the plugin, putting WooCommerce websites using these versions at potential risk. Unauthorized users may gain access to functionality and data they should not be able to reach, potentially leading to data breaches or unauthorized modifications. It is strongly advised that users update their plugin to the latest version to address this security concern.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.