CVE-2023-41240 – WordPress Pricing Deals for WooCommercePricing Deals for WooCommerce plugin <= 2.0.3.2 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2023-41240

Missing Authorization vulnerability in Vark Pricing Deals for WooCommerce.This issue affects Pricing Deals for WooCommerce: from n/a through 2.0.3.2. Vulnerabilidad de autorización faltante en Vark Pricing Deals para WooCommerce. Este problema afecta a Pricing Deals para WooCommerce: desde n/a hasta 2.0.3.2. The Pricing Deals for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data| due to a missing capability check on the 'vtprd_ajax_clone_rule' function in versions up to, and including, 2.0.3.2. This makes it possible for unauthenticated attackers to clone rules. • https://patchstack.com/database/vulnerability/pricing-deals-for-woocommerce/wordpress-pricing-deals-for-woocommercepricing-deals-for-woocommerce-plugin-2-0-3-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •