CVE-2023-35914 – WordPress WooCommerce Subscriptions Plugin <= 5.1.2 is vulnerable to Insecure Direct Object References (IDOR)
https://notcve.org/view.php?id=CVE-2023-35914
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2. Vulnerabilidad de omisión de autorización a través de clave controlada por el usuario en WooCommerce Woo Subscriptions. Este problema afecta a Woo Subscriptions: desde n/a hasta 5.1.2. The WooCommerce Subscriptions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown unction in versions up to, and including, 5.1.2. This makes it possible for unauthenticated attackers to access or modify information by passing in a user-conttrolled parameter. • https://patchstack.com/database/vulnerability/woocommerce-subscriptions/wordpress-woocommerce-subscriptions-plugin-5-1-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key •