Description

WordPress Plugin WooCommerce is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently display any article title of any kind and status. WordPress Plugin WooCommerce version 2.1.7 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.1.8 or latest

References

http://blog.secupress.fr/vulnerabilite-woocommerce-2-1-6-201.html

Related Vulnerabilities

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-0553)

WordPress Plugin EmbedSocial-Social Media Feeds, Reviews and Galleries Cross-Site Scripting (1.1.27)

Drupal Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-6385)

Atlassian Jira CVE-2020-29451 Vulnerability (CVE-2020-29451)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11025)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass