CVE-2021-4379

Опубликовано: 07 июн. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to make changes to product prices.

Ссылки

https://blog.nintechnet.com/vulnerability-fixed-in-wordpress-woocommerce-multi-currency-plugin/
Exploit
Third Party Advisory
https://codecanyon.net/item/woocommerce-multi-currency/20948446
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/e2318ae9-4115-442e-9293-a9251787c5f3?source=cve
Third Party Advisory
https://blog.nintechnet.com/vulnerability-fixed-in-wordpress-woocommerce-multi-currency-plugin/
Exploit
Third Party Advisory
https://codecanyon.net/item/woocommerce-multi-currency/20948446
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/e2318ae9-4115-442e-9293-a9251787c5f3?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:villatheme:woocommerce_multi_currency:*:*:*:*:*:wordpress:*:*

Версия до 2.1.18 (исключая)

EPSS

Процентиль: 13%

0.00044

Низкий

6.5 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-4hwc-qxww-8xr8