CVE-2024-24719 – WordPress Kikote plugin <= 1.8.9 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2024-24719

Missing Authorization vulnerability in Uriahs Victor Location Picker at Checkout for WooCommerce.This issue affects Location Picker at Checkout for WooCommerce: from n/a through 1.8.9. Vulnerabilidad de autorización faltante en el selector de ubicación de Uriahs Victor al finalizar la compra para WooCommerce. Este problema afecta al selector de ubicación al finalizar la compra para WooCommerce: desde n/a hasta 1.8.9. The Location Picker at Checkout for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkout_map_rules_order_ajax_handler function in versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify rule orders. • https://patchstack.com/database/vulnerability/map-location-picker-at-checkout-for-woocommerce/wordpress-kikote-plugin-1-8-9-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •