PT-2024-14140 · Woocommerce · Powerfulwp Local Delivery Drivers
Rafie Muhammad
·
Published
2024-05-17
·
Updated
2024-07-10
·
CVE-2023-51481
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
powerfulwp Local Delivery Drivers for WooCommerce versions 1.9.0 and earlier
Description
The issue is related to improper privilege management, allowing privilege escalation. This could potentially lead to full site takeover.
Recommendations
For versions 1.9.0 and earlier, update the plugin immediately and review user permissions to mitigate the risk of exploitation.
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Powerfulwp Local Delivery Drivers