CVE-2024-37935

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 13, 2024
CWE ID 862

Summary

CVE-2024-37935 is a Missing Authorization vulnerability (CWE-862) in Woocommerce OpenPos, an e-commerce plugin for WordPress. The flaw enables unauthorized access to functionality that is not properly constrained by Access Control Lists (ACLs), so an attacker can reach certain features within the plugin without authorization. Affected versions run from n/a up to and including 6.4.4. The vulnerability poses a significant risk to websites using the affected plugin, as it can potentially lead to data breaches and other malicious activities. Users should upgrade to the latest version of Woocommerce OpenPos, or implement alternative security measures, to mitigate this risk.
