CVE-2024-32524

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Apr 17, 2024
CWE ID 862

Summary

CVE-2024-32524 refers to a Missing Authorization vulnerability identified in the Nuggethon Custom Order Statuses plugin for WooCommerce. This issue allows unauthorized users to modify order statuses for WooCommerce versions 1.5.2 and below, potentially leading to unintended consequences such as order fulfillment or shipment. The absence of proper authorization checks in the plugin exposes affected sites to security risks and the need for immediate remediation.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share