PT-2024-38035 · WordPress · Woocommerce Pdf Vouchers

István Márton · Published 2024-07-24 · Updated 2024-07-24 · CVE-2024-7027

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

WooCommerce - PDF Vouchers plugin for WordPress versions up to, and including, 4.9.3

Description

The issue is related to authentication bypass due to insufficient verification of the user during a QR code login. This allows unauthenticated attackers to log in as any existing Voucher Vendor user if they have access to the user id.

Recommendations

For versions up to, and including, 4.9.3, update to a version higher than 4.9.3 to resolve the issue. As a temporary workaround, consider restricting access to the QR code login feature until a patch is available. Avoid using the user id in the affected login process to minimize the risk of exploitation.

Fix

Authentication Bypass Using an Alternate Path or Channel

Weakness Enumeration

Related Identifiers

CVE-2024-7027

Affected Products

Woocommerce Pdf Vouchers