CVE-2024-24719

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Mar 26, 2024

CWE ID 862

Summary

CVE-2024-24719 is a missing authorization vulnerability affecting the Location Picker at Checkout plugin for WooCommerce, from version n/a through 1.8.9. An attacker can exploit this issue by manipulating URI requests, potentially gaining unauthorized access to user data or making unauthorized changes. This poses a significant risk to websites utilizing the Location Picker at Checkout plugin, as it bypasses the necessary authentication checks. It is crucial for users to update the plugin to a patched version as soon as possible to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uS_V3R
https://www.cve.org/CVERecord?id=CVE-2024-24719
https://nvd.nist.gov/vuln/detail/CVE-2024-24719

Back to Vulnerability Database

CVE-2024-24719

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations