CVE-2024-33585

2024-04-2913:15:30

CWE-862

[email protected]

web.nvd.nist.gov

cve-2024-33585

missing authorization

tyche softwares

payment gateway

woocommerce

nvd

vulnerability

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Missing Authorization vulnerability in Tyche Softwares Payment Gateway Based Fees and Discounts for WooCommerce.This issue affects Payment Gateway Based Fees and Discounts for WooCommerce: from n/a through 2.12.1.

Affected configurations

Vulners

Node

tyche_softwarespayment_gateway_based_fees_and_discounts_for_woocommerceRange≤2.12.1

VendorProductVersionCPE
tyche_softwarespayment_gateway_based_fees_and_discounts_for_woocommerce*cpe:2.3:*:tyche_softwares:payment_gateway_based_fees_and_discounts_for_woocommerce:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tyche_softwares	payment_gateway_based_fees_and_discounts_for_woocommerce	*	cpe:2.3::tyche_softwares:payment_gateway_based_fees_and_discounts_for_woocommerce::::::::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "checkout-fees-for-woocommerce",
    "product": "Payment Gateway Based Fees and Discounts for WooCommerce",
    "vendor": "Tyche Softwares",
    "versions": [
      {
        "changes": [
          {
            "at": "2.12.2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.12.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/checkout-fees-for-woocommerce/wordpress-payment-gateway-based-fees-and-discounts-for-woocommerce-plugin-2-12-1-broken-access-control-vulnerability?_s_id=cve