PT-2024-18222 · WordPress · The Thank You Page Customizer For Woocommerce

Lucio Sá · Published 2024-02-26 · Updated 2025-01-15 · CVE-2024-1686

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress, versions up to and including 1.1.2

Description

The issue is related to missing authorization in the plugin, specifically a missing capability check in the apply layout function. This allows authenticated attackers with subscriber-level access and above to retrieve arbitrary order data, which may contain personally identifiable information (PII).

Recommendations

For versions up to and including 1.1.2, consider disabling the apply layout function as a temporary workaround until a patch is available. Restrict access to order data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
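
The sketch below is an added example, not the plugin's code: it shows where a capability check belongs in a WordPress handler that returns WooCommerce order data, which is the class of check the description reports as missing. It assumes the function is reached as an authenticated AJAX action (the advisory does not say how it is exposed); the action name, nonce name and `order_id` parameter are hypothetical.

```php
<?php
// Added example: a hypothetical handler, not the plugin's own code.
// Assumed names: example_typc_apply_layout, example_typc_nonce, order_id.

// Registered for logged-in users only. There is no wp_ajax_nopriv_ hook,
// so unauthenticated requests never reach the handler.
add_action( 'wp_ajax_example_typc_apply_layout', 'example_typc_apply_layout' );

function example_typc_apply_layout() {
	// 1. CSRF protection. A nonce proves the request came from a page the
	//    site issued; it says nothing about privilege, so it does not
	//    replace the capability check below.
	check_ajax_referer( 'example_typc_nonce', 'nonce' );

	// 2. Capability check. Being logged in is not enough: a subscriber is
	//    authenticated but does not hold edit_shop_orders, which WooCommerce
	//    grants to shop managers and administrators.
	if ( ! current_user_can( 'edit_shop_orders' ) ) {
		wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
	}

	// 3. Validate the identifier before using it.
	$order_id = isset( $_POST['order_id'] ) ? absint( wp_unslash( $_POST['order_id'] ) ) : 0;
	$order    = $order_id ? wc_get_order( $order_id ) : false;
	if ( ! $order ) {
		wp_send_json_error( array( 'message' => 'Order not found' ), 404 );
	}

	// 4. Return only the fields the caller needs rather than the whole
	//    order object, so billing and shipping details are not exposed.
	wp_send_json_success(
		array(
			'order_id' => $order->get_id(),
			'status'   => $order->get_status(),
			'total'    => $order->get_total(),
		)
	);
}
```

Both `check_ajax_referer()` and `wp_send_json_error()` end the request, so no order lookup happens for a caller who fails either check.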

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2024-1686

Affected Products: The Thank You Page Customizer For Woocommerce