CVE-2024-13558 – NP Quote Request for WooCommerce <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure

https://notcve.org/view.php?id=CVE-2024-13558

19 Mar 2025 — The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests. • https://plugins.trac.wordpress.org/changeset/3256816 • CWE-639: Authorization Bypass Through User-Controlled Key •