CVE-2024-4233

Broken Access Control vulnerability in multiple WordPress plugins by Tyche Softwares

Severity Score

4.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through 2.1.10; Arconix FAQ: from n/a through 1.9.3.

Vulnerabilidad de autorización faltante en Tyche Softwares Print Invoice & Delivery Notes para WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ. Este problema afecta Print Invoice & Delivery Notes para WooCommerce: desde n/a hasta 4.8.1; Códigos cortos de Arconix: desde n/a hasta 2.1.10; Preguntas frecuentes de Arconix: desde n/a hasta 1.9.3.

Multiple plugins for WordPress by tychesoftwares are vulnerable to unauthorized modification of data due to a missing capability check on the ts_admin_notices() function in various versions. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss tracking notices.

*Credits: Dhabaleshwar Das (Patchstack Alliance)

CVSS Scores

Patchstackv3.1 4.3

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-04-26 CVE Reserved
2024-04-26 CVE Published
2024-05-09 EPSS Updated
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-862: Missing Authorization

CAPEC

References (3)

URL	Tag	Source
https://patchstack.com/database/vulnerability/arconix-faq/wordpress-arconix-faq-plugin-1-9-3-broken-access-control-vulnerability?_s_id=cve	Vdb Entry
https://patchstack.com/database/vulnerability/arconix-shortcodes/wordpress-arconix-shortcodes-plugin-2-1-10-broken-access-control-vulnerability?_s_id=cve	Vdb Entry
https://patchstack.com/database/vulnerability/woocommerce-delivery-notes/wordpress-print-invoice-delivery-notes-for-woocommerce-plugin-4-8-1-broken-access-control-vulnerability?_s_id=cve	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Arconix Shortcodes Search vendor "Arconix Shortcodes"		Arconix Shortcodes Search vendor "Arconix Shortcodes" for product "Arconix Shortcodes"				>= 0.0.0 <= 2.1.10 Search vendor "Arconix Shortcodes" for product "Arconix Shortcodes" and version " >= 0.0.0 <= 2.1.10"		en		Affected