The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to deactivate the plugin and drop all plugin tables from the database.
History

Wed, 21 Aug 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Zaytech
Zaytech smart Online Order For Clover
CPEs cpe:2.3:a:zaytech:smart_online_order_for_clover:*:*:*:*:*:wordpress:*:*
Vendors & Products Zaytech
Zaytech smart Online Order For Clover
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 21 Aug 2024 05:45:00 +0000

Type Values Removed Values Added
Description The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to deactivate the plugin and drop all plugin tables from the database.
Title Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Plugin Deactivation and Data Deletion
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-08-21T05:30:22.143Z

Updated: 2024-08-21T13:39:39.456Z

Reserved: 2024-07-23T17:16:27.629Z

Link: CVE-2024-7032

cve-icon Vulnrichment

Updated: 2024-08-21T13:39:31.753Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-21T06:15:10.453

Modified: 2024-08-31T03:02:41.763

Link: CVE-2024-7032

cve-icon Redhat

No data.