CVE-2023-27608

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Mar 25, 2024

CWE ID 862

Summary

CVE-2023-27608 refers to a Missing Authorization vulnerability discovered in the WP Swings Points and Rewards plugin for WooCommerce. This issue allows unauthenticated users to access and manipulate reward points, affecting versions from n/a through 1.5.0. The absence of proper authorization checks exposes sites using this plugin to potential data tampering and privilege escalation attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vBr2gf
https://www.cve.org/CVERecord?id=CVE-2023-27608
https://nvd.nist.gov/vuln/detail/CVE-2023-27608

Back to Vulnerability Database

CVE-2023-27608

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations