CVE-2024-13694
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Jan 30, 2025
Updated: Feb 4, 2025
CWE ID 285
CWE ID 639
Summary
CVE-2024-13694 is a newly disclosed vulnerability affecting the WooCommerce Wishlist plugin for WordPress up to version 1.8.7. The plugin's download_pdf_file() function lacks proper input validation on a user-controlled key. The result is an Insecure Direct Object Reference (IDOR) that allows unauthenticated attackers to access data from other users' wishlists. Exploitation can expose sensitive information, a significant security concern for WordPress sites that use the WooCommerce Wishlist plugin.
Affected Vendors
- WordPress