PT-2024-18371 · WordPress · Woocommerce Add To Cart Custom Redirect
Lucio Sá · Published 2024-03-13 · Updated 2024-03-13 · CVE-2024-1862
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
WooCommerce Add to Cart Custom Redirect plugin for WordPress versions up to, and including, 1.2.13
Description
The plugin allows authenticated attackers with contributor-level access and above to update the values of arbitrary site options to 'dismissed', because the wcr_dismiss_admin_notice function is missing a capability check. This can lead to unauthorized modification of data and loss of data.
Recommendations
For versions up to, and including, 1.2.13, update to a version higher than 1.2.13 to resolve the issue.
As a temporary workaround, consider restricting access to the wcr_dismiss_admin_notice function to prevent unauthorized modifications until a patch is available.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Woocommerce Add To Cart Custom Redirect
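An added example, not code from the plugin or from this advisory: a heuristic source audit for the weakness class described above (an option write driven by request input with no capability check). The PHP sample and its demo_* function names are constructed for illustration, and brace matching here ignores braces inside strings and comments.

```python
import re

# Constructed PHP sample (hypothetical, not the plugin's real code): two
# notice-dismiss handlers, one without and one with an authorization check.
SAMPLE_PHP = r"""
<?php
function demo_dismiss_notice_unchecked() {
    $key = sanitize_text_field( $_POST['notice'] );
    update_option( $key, 'dismissed' );
    wp_die();
}
function demo_dismiss_notice_checked() {
    check_ajax_referer( 'demo_dismiss', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( -1, 403 );
    }
    $allowed = array( 'demo_notice_a', 'demo_notice_b' );
    $key = sanitize_text_field( $_POST['notice'] );
    if ( in_array( $key, $allowed, true ) ) {
        update_option( $key, 'dismissed' );
    }
    wp_die();
}
"""

FUNC_RE = re.compile(r"function\s+(\w+)\s*\([^)]*\)\s*\{")
WRITES = re.compile(r"\b(update_option|delete_option|add_option)\s*\(")
REQUEST = re.compile(r"\$_(POST|GET|REQUEST)\b")
CAP_CHECK = re.compile(r"\bcurrent_user_can\s*\(")

def function_bodies(src):
    """Yield (name, body) for each PHP function, using simple brace matching."""
    for m in FUNC_RE.finditer(src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield m.group(1), src[m.end():i - 1]

def missing_capability_check(src):
    """Functions that write options from request input without current_user_can()."""
    return [name for name, body in function_bodies(src)
            if WRITES.search(body) and REQUEST.search(body)
            and not CAP_CHECK.search(body)]

if __name__ == "__main__":
    print(missing_capability_check(SAMPLE_PHP))
```

A hit is a lead for manual review, not proof: a handler may delegate its capability check to a helper, and a nonce check alone does not establish authorization.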