Описание
The Woo Total Sales plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_orders_archive() function in all versions up to, and including, 3.1.4. This makes it possible for unauthenticated attackers to retrieve sales reports for the store.
Ссылки
EPSS
Процентиль: 76%
0.00965
Низкий
5.3 Medium
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 5.3
github
почти 2 года назад
The Woo Total Sales plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_orders_archive() function in all versions up to, and including, 3.1.4. This makes it possible for unauthenticated attackers to retrieve sales reports for the store.
EPSS
Процентиль: 76%
0.00965
Низкий
5.3 Medium
CVSS3