CVE-2024-9927

The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of allow_payment_without_login function. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to log in to WordPress as an arbitrary user account, including administrators.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://wpovernight.com/downloads/woocommerce-order-proposal/	Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/cdc993a4-6f65-4570-811c-13a80dbec064?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wpovernight:woocommerce_order_proposal:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2024-10-23 02:15

Updated : 2024-10-25 16:29

NVD link : CVE-2024-9927

Mitre link : CVE-2024-9927

CVE.ORG link : CVE-2024-9927

JSON object : View

Products Affected

wpovernight

woocommerce_order_proposal

CWE

CWE-287

Improper Authentication

{"id": "CVE-2024-9927", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-10-23T02:15:07.467", "references": [{"url": "https://wpovernight.com/downloads/woocommerce-order-proposal/", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cdc993a4-6f65-4570-811c-13a80dbec064?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of allow_payment_without_login function. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to log in to WordPress as an arbitrary user account, including administrators."}, {"lang": "es", "value": "El complemento WooCommerce Order Proposal para WordPress es vulnerable a la escalada de privilegios a trav\u00e9s de la propuesta de pedido en todas las versiones hasta la 2.0.5 incluida. Esto se debe a la implementaci\u00f3n incorrecta de la funci\u00f3n allow_payment_without_login. Esto hace posible que atacantes autenticados, con acceso de nivel de administrador de tienda y superior, inicien sesi\u00f3n en WordPress con una cuenta de usuario arbitraria, incluidos los administradores."}], "lastModified": "2024-10-25T16:29:27.300", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wpovernight:woocommerce_order_proposal:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A267ECB4-6D4A-4089-AC8E-37EFDC6C362F", "versionEndExcluding": "2.0.6"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}