CVE-2020-36834

{"id": "CVE-2020-36834", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}]}, "published": "2024-10-16T07:15:08.127", "references": [{"url": "https://patchstack.com/articles/multiple-vulnerabilities-in-discount-rules-for-woocommerce-plugin/", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/33cf27ba-a01b-4e34-9584-b1d3fc87af34?source=cve", "source": "security@wordfence.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-level attackers to execute various actions and perform a wide variety of actions such as modifying rules and saving configurations."}, {"lang": "es", "value": "El complemento Discount Rules for WooCommerce para WordPress es vulnerable a la falta de autorizaci\u00f3n a trav\u00e9s de varias acciones AJAX en versiones hasta la 2.0.2 incluida debido a la falta de comprobaciones de capacidad en varias funciones. Esto permite que los atacantes a nivel de suscriptor ejecuten varias acciones y realicen una amplia variedad de acciones, como modificar reglas y guardar configuraciones."}], "lastModified": "2024-10-16T16:38:14.557", "sourceIdentifier": "security@wordfence.com"}