CVE-2024-1689

Name of the Vulnerable Software and Affected Versions WooCommerce Tools plugin for WordPress versions up to, and including, 1.2.9

Description The issue is related to a missing capability check on the woocommerce tool toggle module() function, allowing authenticated attackers with subscriber-level access and above to deactivate arbitrary plugin modules. This enables unauthorized modification of data.

Recommendations For versions up to, and including, 1.2.9, update to a version higher than 1.2.9 to resolve the issue. As a temporary workaround, consider disabling the woocommerce tool toggle module() function until a patch is available. Restrict access to the module toggle functionality to minimize the risk of exploitation.