CVE-2024-1044
Customer Reviews for WooCommerce <= 5.38.10 - Improper Authorization via submit_review
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_review' function in all versions up to, and including, 5.38.12. This makes it possible for unauthenticated attackers to submit reviews with arbitrary email addresses regardless of whether reviews are globally enabled.
El complemento Customer Reviews for WooCommerce para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la función 'submit_review' en todas las versiones hasta la 5.38.12 incluida. Esto hace posible que atacantes no autenticados envíen reseñas con direcciones de correo electrónico arbitrarias, independientemente de si las reseñas están habilitadas globalmente.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-01-29 CVE Reserved
- 2024-02-06 CVE Published
- 2024-02-21 EPSS Updated
- 2024-08-11 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
CAPEC
References (2)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ivole Search vendor "Ivole" | Customer Reviews For WooCommerce Search vendor "Ivole" for product "Customer Reviews For WooCommerce" | <= 5.38.12 Search vendor "Ivole" for product "Customer Reviews For WooCommerce" and version " <= 5.38.12" | en |
Affected
| ||||||