CVE-2024-13315

Name of the Vulnerable Software and Affected Versions Shopwarden – Automated WooCommerce monitoring & testing plugin for WordPress versions up to, and including, 1.0.11

Description The issue is due to missing or incorrect nonce validation on the save setting() function. This makes it possible for unauthenticated attackers to update arbitrary options and achieve privilege escalation via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

Recommendations For versions up to, and including, 1.0.11, update to a version higher than 1.0.11 to resolve the issue. As a temporary workaround, consider restricting access to the save setting() function until a patch is available. Avoid using the save setting() function in a way that could be exploited by an attacker, such as through a forged request.