CVE-2024-9189

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Sep 28, 2024
Updated: Sep 30, 2024
CWE ID 862

Summary

CVE-2024-9189 is a vulnerability in the EU/UK VAT Manager for WooCommerce plugin for WordPress, affecting all versions up to and including 2.12.12. The flaw is a missing capability check in the alg_wc_eu_vat_exempt_vat_from_admin() function, which allows unauthenticated attackers to modify the VAT status of any order. The impact is unauthorized changes to financial data, which could lead to significant revenue loss or compliance issues for organizations using this plugin. To remediate, update the plugin to the latest version that addresses this flaw. The vulnerability is rated medium severity with a CVSS 3.1 score of 5.3 and requires no user interaction to exploit.
