CVE-2020-36834

Name of the Vulnerable Software and Affected Versions Discount Rules for WooCommerce plugin for WordPress versions up to, and including, 2.0.2

Description The issue is related to missing authorization via several AJAX actions due to missing capability checks on various functions. This allows subscriber-level attackers to execute various actions, such as modifying rules and saving configurations.

Recommendations For versions up to, and including, 2.0.2, update the Discount Rules for WooCommerce plugin to a version later than 2.0.2 to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to the vulnerable AJAX actions until a patch is available.