CVSS 3.1 Score 6.5 of 10 (medium)


Published Apr 2, 2024


CVE-2024-1807 is a vulnerability found in the Product Sort and Display for WooCommerce plugin for WordPress. Versions up to and including 2.4.1 are affected. The vulnerability allows unauthenticated attackers to modify data by exploiting a missing capability check on the psad_update_product_cat_custom_meta_ajax function. This can result in the hiding of product categories. The base severity of this vulnerability is rated as MEDIUM, with a base score of 6.5 according to CVSS:3.1 standards. No user interaction or privileges are required for an attacker to exploit this vulnerability, which has a low impact on integrity and no impact on confidentiality. Remediation for this vulnerability involves updating the plugin to a version that has addressed the issue, thereby mitigating the potential danger it poses to organizations using the affected plugin.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-1807 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options