Customer Reviews For Woocommerce
CVE-2024-3869
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommerce_json_search_coupons' function . This makes it possible for attackers with subscriber level access to view coupon codes.
AnalysisAI
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommerce_json_search_coupons' function . Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Technical ContextAI
This vulnerability is classified as Missing Authorization (CWE-862), which allows attackers to access resources or perform actions without proper authorization checks. The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommerce_json_search_coupons' function . This makes it possible for attackers with subscriber level access to view coupon codes. Affected products include: Cusrev Customer Reviews For Woocommerce.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Implement role-based access control, validate authorization on every request server-side, apply principle of least privilege.
The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, wh
The Customer Reviews for WooCommerce WordPress plugin before 5.113.0 does not perform authentication, capability, or non
Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. Rated
Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at W
Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at Wo
Stored Cross-Site Scripting in the Customer Reviews for WooCommerce WordPress plugin (all versions ≤ 5.113.0) allows con
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' pa
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a mi
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing c
Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.38.1. Rated medium severity (CVSS 4.3), t
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capabili
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today