CVE-2023-35876 – WordPress WooCommerce Square Plugin <= 3.8.1 is vulnerable to Insecure Direct Object References (IDOR)
https://notcve.org/view.php?id=CVE-2023-35876
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square.This issue affects WooCommerce Square: from n/a through 3.8.1. Vulnerabilidad de omisión de autorización a través de clave controlada por el usuario en WooCommerce WooCommerce Square. Este problema afecta a WooCommerce Square: desde n/a hasta 3.8.1. The WooCommerce Square plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 3.8.1. This makes it possible for authenticated attackers with contributor-level privileges to modify other user's orders. • https://patchstack.com/database/vulnerability/woocommerce-square/wordpress-woocommerce-square-plugin-3-8-1-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key •