CVE-2024-13424
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-13424 is a vulnerability affecting the Ni Sales Commission For WooCommerce plugin for WordPress. The issue stems from a missing capability check on the 'niwoosc_ajax' AJAX endpoint and is present in all versions up to 1.2.4. Because of this oversight, authenticated attackers with Subscriber-level access or higher can update plugin settings and modify commission amounts. This weakness can lead to significant financial losses or other unwanted changes to the affected system. It is essential to install patches or updates to mitigate this issue.
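The kind of check the summary describes as missing, shown in a hardened WordPress AJAX handler. This is an added example, not the plugin's code: the action, function, option and nonce names are hypothetical, and `manage_woocommerce` is an assumed choice of required capability.

```php
<?php
// Added illustration. Handler, option and nonce names are hypothetical and
// are not taken from the Ni Sales Commission For WooCommerce source.

// A wp_ajax_{action} hook fires for ANY logged-in user, Subscribers included,
// so registering the hook is not an authorization check by itself.
add_action( 'wp_ajax_example_commission_save', 'example_commission_save' );

function example_commission_save() {
    // 1. Authorization: only users allowed to manage the shop may proceed.
    //    Omitting this block is the "missing capability check" pattern.
    //    'manage_woocommerce' is an assumed choice of capability.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 2. Request intent: reject requests without a valid nonce (CSRF).
    //    check_ajax_referer() terminates the request on failure.
    check_ajax_referer( 'example_commission_save', 'nonce' );

    // 3. Input handling: accept only a bounded numeric commission rate.
    $raw = isset( $_POST['rate'] ) ? wp_unslash( $_POST['rate'] ) : '';
    if ( ! is_numeric( $raw ) ) {
        wp_send_json_error( array( 'message' => 'Invalid rate' ), 400 );
    }
    $rate = (float) $raw;
    if ( $rate < 0 || $rate > 100 ) {
        wp_send_json_error( array( 'message' => 'Rate out of range' ), 400 );
    }

    // Settings are written only after all three checks have passed.
    update_option( 'example_commission_rate', $rate );
    wp_send_json_success( array( 'rate' => $rate ) );
}
```

The nonce check complements the capability check and does not replace it: a nonce shows the request came from a page the user loaded, not that the user is allowed to change settings.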