How severe is CVE-2024-12617?

CVE-2024-12617 has a CVSS v3 score of 5.4 (MEDIUM).

CVE-2024-12617

5.4MEDIUM

The WC Price History for Omnibus plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 2.1.3. This m

Published: 12/24/2024Updated: 12/24/2024

Description

The WC Price History for Omnibus plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and modify history data.

AI AnalysisPowered by AI

References

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3209687%40wc-price-history&new=3209687%40wc-price-history&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/b380b053-9847-48a8-ba12-d07db9df2baf?source=cve