CVE-2023-47681 – WordPress WooCommerce Checkout Manager plugin <= 7.3.0 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2023-47681

Missing Authorization vulnerability in QuadLayers WooCommerce Checkout Manager.This issue affects WooCommerce Checkout Manager: from n/a through 7.3.0. Vulnerabilidad de autorización faltante en QuadLayers WooCommerce Checkout Manager. Este problema afecta a WooCommerce Checkout Manager: desde n/a hasta 7.3.0. The WooCommerce Checkout Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_order_attachment_upload and ajax_delete_attachment functions hooked via AJAX in versions up to, and including, 7.3.0. This makes it possible for unauthenticated attackers to update arbitrary order attachments and delete them. • https://patchstack.com/database/vulnerability/woocommerce-checkout-manager/wordpress-woocommerce-checkout-manager-plugin-7-3-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •