CVE-2024-0870

Name of the Vulnerable Software and Affected Versions YITH WooCommerce Gift Cards plugin for WordPress versions prior to 4.12.1

Description The issue allows unauthorized modification of data due to a missing capability check on the save mail status and save email settings functions. This makes it possible for unauthenticated attackers to modify WooCommerce settings.

Recommendations For versions prior to 4.12.1, update to version 4.12.1 or later to resolve the issue. As a temporary workaround, consider disabling the save mail status and save email settings functions until a patch is available. Restrict access to the WooCommerce settings to minimize the risk of exploitation.