CVE-2024-9756

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published: Oct 12, 2024
Updated: Oct 15, 2024
CWE ID 862

Summary

CVE-2024-9756 is a vulnerability in the Order Attachments for WooCommerce plugin for WordPress, affecting versions 2.0 through 2.4.1. The wcoa_add_attachment AJAX action lacks a proper capability check, so any authenticated user with subscriber-level access or higher can upload files of a limited set of types. The issue is rated medium, with an exploitability score of 2.8; it requires no user interaction and may allow an attacker to compromise file integrity. Unauthorized uploads of this kind can lead to further security incidents within an organization's WordPress environment. The vulnerability is classified as CWE-862 (missing authorization). To remediate it, update the plugin to the latest version, in which the issue has been addressed.
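To make the CWE-862 pattern concrete, the following is an added illustration written for this page; it is not the Order Attachments for WooCommerce plugin's code and not the vendor's fix. It shows the general shape of a WordPress AJAX handler that is reachable by every logged-in user (wp_ajax_* hooks fire for subscribers too) but performs no authorization, next to a hardened version that checks a nonce, a capability, and the target order before accepting a file. The example_ function and action names, the `manage_woocommerce` capability choice, the meta key, and the allowed MIME list are assumptions; it assumes WordPress with WooCommerce active.

```php
<?php
/**
 * Added illustration of the CWE-862 (missing authorization) pattern behind
 * CVE-2024-9756. This is NOT the Order Attachments for WooCommerce plugin's
 * code. Function names, the example_ AJAX actions, the meta key and the
 * allowed MIME list are hypothetical. Assumes WordPress + WooCommerce.
 */

// --- Vulnerable pattern: authentication is the only gate ---
// wp_ajax_* hooks run for every logged-in user, subscribers included.
// Nothing below verifies a nonce or a capability.
add_action( 'wp_ajax_example_add_attachment_unchecked', 'example_add_attachment_unchecked' );
function example_add_attachment_unchecked() {
    $order_id = isset( $_POST['order_id'] ) ? absint( $_POST['order_id'] ) : 0;
    if ( ! $order_id || empty( $_FILES['file'] ) ) {
        wp_send_json_error( array( 'message' => 'Missing order or file.' ), 400 );
    }
    // Sanitizing inputs does not establish that this user may upload at all.
    $upload = wp_handle_upload( $_FILES['file'], array( 'test_form' => false ) );
    if ( isset( $upload['error'] ) ) {
        wp_send_json_error( array( 'message' => $upload['error'] ), 400 );
    }
    wp_send_json_success( array( 'url' => $upload['url'] ) );
}

// --- Hardened pattern ---
add_action( 'wp_ajax_example_add_attachment', 'example_add_attachment_checked' );
function example_add_attachment_checked() {
    // 1. CSRF protection: the request must carry a nonce issued for this action.
    check_ajax_referer( 'example_add_attachment', 'nonce' );

    // 2. Authorization: require a store-management capability, not merely a session.
    //    (Capability choice is an assumption; pick the narrowest one the feature needs.)
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Object-level check: the target must be an existing order.
    $order_id = isset( $_POST['order_id'] ) ? absint( $_POST['order_id'] ) : 0;
    $order    = $order_id ? wc_get_order( $order_id ) : false;
    if ( ! $order ) {
        wp_send_json_error( array( 'message' => 'Unknown order.' ), 404 );
    }
    if ( empty( $_FILES['file'] ) ) {
        wp_send_json_error( array( 'message' => 'No file supplied.' ), 400 );
    }

    // 4. Explicit allow-list of accepted types instead of the site-wide default.
    //    (Hypothetical list; adjust to what the feature actually needs.)
    $overrides = array(
        'test_form' => false,
        'mimes'     => array(
            'pdf'      => 'application/pdf',
            'png'      => 'image/png',
            'jpg|jpeg' => 'image/jpeg',
        ),
    );
    $upload = wp_handle_upload( $_FILES['file'], $overrides );
    if ( isset( $upload['error'] ) ) {
        wp_send_json_error( array( 'message' => $upload['error'] ), 400 );
    }

    // Record the attachment against the order through WooCommerce's data API.
    $order->add_meta_data( '_example_attachment_url', esc_url_raw( $upload['url'] ), false );
    $order->save();
    wp_send_json_success( array( 'url' => $upload['url'] ) );
}

// Client side, the nonce comes from wp_create_nonce( 'example_add_attachment' )
// and is posted as the 'nonce' field together with action=example_add_attachment.
```

The practitioner's check when reviewing a plugin for this class of bug is the same as the difference between the two handlers: for every `wp_ajax_*` (and especially `wp_ajax_nopriv_*`) callback, confirm that a `current_user_can()` check and a `check_ajax_referer()` call sit before any state change or file write, and that the capability demanded matches the sensitivity of the action rather than defaulting to "any logged-in user".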
