CVERadar

CVE-2024-0870

Medium Severity

SVRS

30/100

CVSSv3

NA/10

EPSS

0.00344/1

CVE-2024-0870 allows unauthenticated attackers to modify WooCommerce settings in WordPress sites using the YITH WooCommerce Gift Cards plugin. This vulnerability affects versions up to 4.12.0 due to missing capability checks on critical functions. Specifically, the 'save_mail_status' and 'save_email_settings' functions lack proper authorization controls. With an SVRS score of 30, while not critical, this flaw requires attention to prevent potential abuse, especially since it's tagged as "In The Wild", indicating active exploitation. Attackers could exploit this to alter email configurations or manipulate gift card settings, leading to financial loss or unauthorized access. Immediate patching to the latest version is recommended to mitigate the risk.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

Vulnerability Summary for the Week of May 13, 2024

CISA2024-05-20

; The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themify_button shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 <a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-4567&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" target="_blank" title

cve-2023-52695

cve-2024-4231

cve-2024-4968

cve-2024-4666

Social Media

CVE

@CVEnew

2024-05-14

CVE-2024-0870 The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_mail_status' and … https://t.co/CZdfJqd8gO

Affected Software

No affected software found for this CVE

References

Reference	Link
[email protected]	https://plugins.trac.wordpress.org/changeset/3084519/yith-woocommerce-gift-cards/trunk/includes/admin/class-ywgc-admin.php
[email protected]	https://www.wordfence.com/threat-intel/vulnerabilities/id/ca1f0dc6-c0bc-4e9f-b3b6-d6274aa7a7db?source=cve

CWE Details

No CWE details found for this CVE

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence