ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WooCommerce plugin <= 3.4.5 - Authenticated File Deletion to Privilege Escalation vulnerability

Product
WooCommerce
Description
Authenticated File Deletion to Privilege Escalation vulnerability found in WordPress WooCommerce plugin (versions <= 3.4.5).
Solution
Update the WordPress WooCommerce plugin to the latest available version (at least 3.4.6).
Classification
Type Unknown
OWASP Top 10 A7: Missing Function Level Access Control
References
RIPS blog
CVE
Name CVE-N/A
Versions
Affected In <= 3.4.5
Fixed In 3.4.6
Disclosure date
2018-11-07
Submitter
ThreatPress