The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to deactivate the plugin and drop all plugin tables from the database.
Metrics
Affected Vendors & Products
References
History
Wed, 21 Aug 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Zaytech
Zaytech smart Online Order For Clover |
|
CPEs | cpe:2.3:a:zaytech:smart_online_order_for_clover:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Zaytech
Zaytech smart Online Order For Clover |
|
Metrics |
ssvc
|
Wed, 21 Aug 2024 05:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to deactivate the plugin and drop all plugin tables from the database. | |
Title | Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Plugin Deactivation and Data Deletion | |
Weaknesses | CWE-862 | |
References |
|
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-08-21T05:30:22.143Z
Updated: 2024-08-21T13:39:39.456Z
Reserved: 2024-07-23T17:16:27.629Z
Link: CVE-2024-7032
Vulnrichment
Updated: 2024-08-21T13:39:31.753Z
NVD
Status : Analyzed
Published: 2024-08-21T06:15:10.453
Modified: 2024-08-31T03:02:41.763
Link: CVE-2024-7032
Redhat
No data.