CVE-2024-5769

Name of the Vulnerable Software and Affected Versions MIMO Woocommerce Order Tracking plugin for WordPress versions up to, and including, 1.0.2

Description The issue allows unauthorized modification of data due to a missing capability check on several functions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add, update, and delete shipper tracking settings.

Recommendations For versions up to, and including, 1.0.2, update to a version that includes a fix for the missing capability check issue. As a temporary workaround, consider restricting access to the affected functions to prevent unauthorized data modification.