CVE-2024-43343 – WordPress Order Tracking – WordPress Status Tracking Plugin plugin < 3.3.13 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2024-43343

16 Aug 2024 — Missing Authorization vulnerability in Etoile Web Design Order Tracking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Order Tracking: from n/a through 3.3.12. The Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the send_test_email() function in versions up to, and including, 3.3.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to send test emails. • https://patchstack.com/database/vulnerability/order-tracking/wordpress-order-tracking-wordpress-status-tracking-plugin-plugin-3-3-13-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •