CVE-2024-35726 – WordPress WooBuddy plugin <= 3.4.19 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2024-35726

Missing Authorization vulnerability in ThemeKraft WooBuddy.This issue affects WooBuddy: from n/a through 3.4.19. Vulnerabilidad de autorización faltante en ThemeKraft WooBuddy. Este problema afecta a WooBuddy: desde n/a hasta 3.4.19. The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wc4bp_shop_profile_sync_ajax() function in versions up to, and including, 3.4.19. • https://patchstack.com/database/vulnerability/wc4bp/wordpress-woobuddy-plugin-3-4-19-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •