CVE-2024-1492

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Feb 29, 2024

Summary

CVE-2024-1492 is a vulnerability affecting the WPify Woo Czech plugin for WordPress. This issue allows unauthenticated attackers to access order shipping details by exploiting a missing capability check on the "maybe_send_to_packeta" function. Versions up to 4.0.8 are impacted, enabling attackers to obtain sensitive information if they know the order number. This vulnerability poses a significant risk for websites using the WPify Woo Czech plugin and should be addressed promptly through an update or patch.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uhG90O
https://www.cve.org/CVERecord?id=CVE-2024-1492
https://nvd.nist.gov/vuln/detail/CVE-2024-1492

Back to Vulnerability Database

CVE-2024-1492

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations