CVE-2024-13558

Name of the Vulnerable Software and Affected Versions NP Quote Request for WooCommerce plugin for WordPress versions up to, and including, 1.9.179

Description The issue is related to Insecure Direct Object Reference due to missing validation on a user-controlled key. This allows unauthenticated attackers to read the content of quote requests.

Recommendations For versions up to, and including, 1.9.179, update to a version that includes the necessary validation to prevent Insecure Direct Object Reference attacks. As a temporary workaround, consider restricting access to quote requests to prevent unauthorized reading of their content.