CVE-2024-32524
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Apr 17, 2024
CWE ID 862
Summary
CVE-2024-32524 refers to a Missing Authorization vulnerability identified in the Nuggethon Custom Order Statuses plugin for WooCommerce. This issue allows unauthorized users to modify order statuses for WooCommerce versions 1.5.2 and below, potentially leading to unintended consequences such as order fulfillment or shipment. The absence of proper authorization checks in the plugin exposes affected sites to security risks and the need for immediate remediation.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share