Vulnerability Description
The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount() function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category discounts that could lead to loss of revenue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Quanticedgesolutions | Category Discount Woocommerce | < 4.13 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/woo-product-category-discount/trunk/cProduct
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&oldPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/996b44bb-d1e0-4f82-b8eThird Party Advisory
- https://plugins.trac.wordpress.org/browser/woo-product-category-discount/trunk/cProduct
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&oldPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/996b44bb-d1e0-4f82-b8eThird Party Advisory
FAQ
What is CVE-2024-0617?
CVE-2024-0617 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount() function in all versions up to, ...
How severe is CVE-2024-0617?
CVE-2024-0617 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-0617?
Check the references section above for vendor advisories and patch information. Affected products include: Quanticedgesolutions Category Discount Woocommerce.