CVE-2024-1807

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Apr 2, 2024

Summary

CVE-2024-1807 is a vulnerability affecting the Product Sort and Display plugin for WooCommerce on WordPress. The issue lies in the psad_update_product_cat_custom_meta_ajax function, which is missing capability checks in all versions up to 2.4.1. This flaw allows unauthenticated attackers to manipulate product categories by making unauthorized modifications, potentially hiding categories from public view. The consequence of this vulnerability could lead to a deceptive shopping experience for users. Upgrading to the latest version of the plugin is recommended to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ungJmd
https://www.cve.org/CVERecord?id=CVE-2024-1807
https://nvd.nist.gov/vuln/detail/CVE-2024-1807

Back to Vulnerability Database

CVE-2024-1807

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations