PT-2024-18090 · WordPress · Wpify Woo Czech

Francesco Carlucci · Published 2024-02-20 · Updated 2024-03-08 · CVE-2024-1492

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

WPify Woo Czech plugin versions up to, and including, 4.0.8

Description

A missing capability check on the maybe_send_to_packeta function allows unauthorized access to data. Unauthenticated attackers can obtain shipping details for orders as long as the order number is known.

Recommendations

Update the WPify Woo Czech plugin from any version up to, and including, 4.0.8 to a version higher than 4.0.8 to resolve the issue. As a temporary workaround, consider disabling the maybe_send_to_packeta function until a patch is available.

Fix

Improper Access Control

Missing Authorization

Weakness Enumeration

Related Identifiers: CVE-2024-1492

Affected Products: Wpify Woo Czech