CVE-2024-25929

2024-06-0911:15:49

CWE-862

Patchstack

web.nvd.nist.gov

cve-2024-25929

reserved

organization

individual

security problem

publicized

nvd

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

EPSS

Percentile

9.0%

JSON

Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX.This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.5.

Affected configurations

Vulners

Node

multivendorxproduct_catalog_mode_for_woocommerceRange≤5.0.5wordpress

VendorProductVersionCPE
multivendorxproduct_catalog_mode_for_woocommerce*cpe:2.3:a:multivendorx:product_catalog_mode_for_woocommerce:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
multivendorx	product_catalog_mode_for_woocommerce	*	cpe:2.3:a:multivendorx:product_catalog_mode_for_woocommerce::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "woocommerce-catalog-enquiry",
    "product": "Product Catalog Enquiry for WooCommerce by MultiVendorX",
    "vendor": "MultiVendorX",
    "versions": [
      {
        "changes": [
          {
            "at": "5.0.6",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "5.0.5",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/woocommerce-catalog-enquiry/wordpress-product-catalog-mode-for-woocommerce-plugin-5-0-5-broken-access-control-vulnerability?_s_id=cve