CVE-2020-36834

CVSS V2 None CVSS V3 None

Description

The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-level attackers to execute various actions and perform a wide variety of actions such as modifying rules and saving configurations.

Overview

CVE ID
CVE-2020-36834

Assigner
Wordfence

Vulnerability Status
PUBLISHED

Published Version
2024-10-16T06:43:27.178Z

Last Modified Date
2024-10-16T19:13:16.958Z

Weakness Enumerations

CWE	URL
CWE-862	http://cwe.mitre.org/data/definitions/862.html

References

Reference URL	Reference Tags
https://www.wordfence.com/threat-intel/vulnerabilities/id/33cf27ba-a01b-4e34-9584-b1d3fc87af34?source=cve
https://patchstack.com/articles/multiple-vulnerabilities-in-discount-rules-for-woocommerce-plugin/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2020-36834
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36834

History

Created	Old Value	New Value	Data Type	Notes
2024-10-17 12:05:27				Added to TrackCVE