Описание
The Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.9 via several functions in class-th-wishlist-frontend.php due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to modify other user's wishlists
EPSS
Процентиль: 16%
0.00053
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-639
Связанные уязвимости
CVSS3: 6.5
github
2 месяца назад
The Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.9 via several functions in class-th-wishlist-frontend.php due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to modify other user's wishlists
EPSS
Процентиль: 16%
0.00053
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-639