CVE-2024-37935
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-37935 is a newly disclosed vulnerability affecting Woocommerce OpenPos, an e-commerce plugin for WordPress. It is classified as a Missing Authorization vulnerability: functionality that should be constrained by Access Control Lists (ACLs) can be accessed without authorization. An attacker can exploit this flaw to gain unauthorized access to certain features within the plugin. Affected versions are listed as n/a up to and including 6.4.4. The vulnerability poses a significant risk to websites using the affected plugin, as it can potentially lead to data breaches and other malicious activities. Users should upgrade to the latest version of Woocommerce OpenPos, or implement alternative security measures, to mitigate this risk.