CVE-2024-9756
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-9756 is a vulnerability in the Order Attachments for WooCommerce plugin for WordPress, affecting versions 2.0 to 2.4.1. Because the wcoa_add_attachment AJAX action lacks a proper capability check, authenticated users with subscriber-level access or higher can upload limited file types. The vulnerability poses a medium risk, with an exploitability score of 2.8, as it may allow attackers to compromise file integrity without requiring user interaction. To remediate the issue, update the plugin to the latest version, where the vulnerability has been addressed. The potential danger includes unauthorized file uploads that could lead to further security incidents within an organization's WordPress environment. The vulnerability is categorized under CWE-862 (Missing Authorization).
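The missing-capability-check pattern described above, next to a hardened handler, as an added example that is not the plugin's code. The `example_*` names, the nonce action, the accepted file types and the choice of the WooCommerce `edit_shop_orders` capability are assumptions made for illustration.

```php
<?php
// Added illustration: example_* names, the nonce action and the required
// capability are assumptions, not taken from the plugin.

// wp_ajax_{action} hooks run for every logged-in user, subscribers included.
add_action( 'wp_ajax_example_add_attachment_unchecked', 'example_add_attachment_unchecked' );
add_action( 'wp_ajax_example_add_attachment', 'example_add_attachment' );

// Shared upload step: limits accepted types and reports failures as JSON.
function example_save_upload() {
	if ( empty( $_FILES['attachment'] ) ) {
		wp_send_json_error( array( 'message' => 'No file sent' ), 400 );
	}
	$upload = wp_handle_upload(
		$_FILES['attachment'],
		array(
			'test_form' => false, // request origin is checked by the caller's nonce
			'mimes'     => array( 'pdf' => 'application/pdf', 'png' => 'image/png' ),
		)
	);
	if ( isset( $upload['error'] ) ) {
		wp_send_json_error( array( 'message' => $upload['error'] ), 400 );
	}
	wp_send_json_success( array( 'url' => $upload['url'] ) );
}

// Missing authorization (CWE-862): being logged in is the only gate.
function example_add_attachment_unchecked() {
	example_save_upload();
}

// Hardened: verify the request origin, then the caller's capability,
// before any file handling takes place.
function example_add_attachment() {
	// Ends the request with a 403 if the nonce is missing or invalid.
	check_ajax_referer( 'example_add_attachment', 'nonce' );

	// Assumed policy: only roles that can edit shop orders may attach files.
	if ( ! current_user_can( 'edit_shop_orders' ) ) {
		wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
	}
	example_save_upload();
}
```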