CVE-2024-12617

Name of the Vulnerable Software and Affected Versions WC Price History for Omnibus plugin for WordPress versions up to, and including, 2.1.3

Description The issue is related to unauthorized access due to a missing capability check on several AJAX actions. This allows authenticated attackers with Subscriber-level access and above to view and modify history data.

Recommendations For versions up to, and including, 2.1.3, consider disabling the vulnerable AJAX actions until a patch is available. Restrict access to the history data to minimize the risk of exploitation. Avoid using the affected plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.