CVE-2024-43134 – WordPress Waitlist Woocommerce plugin <= 2.6 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2024-43134

Missing Authorization vulnerability in xootix Waitlist Woocommerce ( Back in stock notifier ) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Waitlist Woocommerce ( Back in stock notifier ): from n/a through 2.6. The Waitlist Woocommerce ( Back in stock notifier ) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the send_email() and remove_row() function in versions up to, and including, 2.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to send emails and remove product rows. • https://patchstack.com/database/vulnerability/waitlist-woocommerce/wordpress-waitlist-woocommerce-plugin-2-6-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •