CVE-2016-10935
WooCommerce – Store Exporter <= 1.8.3 - Missing Authorization
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation.
El plugin woocommerce-exportador antes de 1.8.4 para WordPress tiene una escalada de privilegios
The WooCommerce – Store Exporter plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the woo_ce_admin_init function hooked via 'init' in versions up to, and including 1.8.3. This makes it possible for unauthenticated attackers to perform actions like exporting data that may contain sensitive information.
*Credits:
James Golovich
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-02-10 CVE Published
- 2019-08-26 CVE Reserved
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
- CWE-862: Missing Authorization
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://wordpress.org/plugins/woocommerce-exporter/#developers | Release Notes | |
https://wpvulndb.com/vulnerabilities/9825 | X_refsource_misc |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Visser Search vendor "Visser" | Store Exporter For Woocommerce Search vendor "Visser" for product "Store Exporter For Woocommerce" | < 1.8.4 Search vendor "Visser" for product "Store Exporter For Woocommerce" and version " < 1.8.4" | wordpress |
Affected
|