PT-2023-11838 · WordPress · Product Input Fields For Woocommerce

Jerome Bruandet

Publicado

2023-06-07

Atualizado

2023-06-12

CVE-2020-36696

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Product Input Fields for WooCommerce plugin for WordPress versions up to, and including, 1.2.6

Description The issue is related to authorization bypass due to a missing capability check on the handle downloads() function. This allows unauthenticated attackers to download files from the vulnerable service.

Recommendations For versions up to, and including, 1.2.6, update to a version higher than 1.2.6 to resolve the issue. As a temporary workaround, consider disabling the handle downloads() function until a patch is available.

Exploit

Correção

Improper Authorization

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-285CWE-862

Identificadores relacionados

CVE-2020-36696

Produtos afetados

Product Input Fields For Woocommerce

PT-2023-11838 · WordPress · Product Input Fields For Woocommerce

CVE-2020-36696

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8