CVE-2024-13424

Name of the Vulnerable Software and Affected Versions Ni Sales Commission For WooCommerce plugin for WordPress versions up to, and including, 1.2.4

Description The issue is related to unauthorized access due to a missing capability check on the "niwoosc ajax" AJAX endpoint. This allows authenticated attackers with Subscriber-level access and above to update the plugin's settings and modify commission amounts.

Recommendations For versions up to, and including, 1.2.4, update to a version higher than 1.2.4 to resolve the issue. As a temporary workaround, consider restricting access to the "niwoosc ajax" AJAX endpoint until a patch is available.