CVE-2020-36841

NVD Published Date: October 16, 2024 at 01:15 PM
NVD Last Modified: October 16, 2024 at 04:38 PM
Download Patch
Vulnerability ID
CVE-2020-36841
Severity
MEDIUM
Severity Score
5.3
Summary
The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the woocommerce_coupon_admin_init function in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to send themselves gift certificates of any value, which could be redeemed for products sold on the victim’s storefront.
References
Mitigation and Patches
-
Exploits
-
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE ID
CWE-285

Recent Publish

KB5044306

KB5044320

CVE-2024-9977

CVE-2024-9986

KB5044321

KB5044342

See More ...

See SecOps Solution
in action

Schedule Demo
Agentless security for your infrastructure and applications - to build faster, more securely and in a fraction of the operational cost of other solutions
hello@secopsolution.com
+569-231-213
Compare
Qualys Cloud Agent Tenable Nessus Rapid7 InsightVM
Company
About Us Contact Career
Resources
Blog Sample Reports CVE Windows KB Case Studies eBooks Policy Templates Webinar
Try It
Patch Astra EPSS Calculator Contact Free Scan Schedule Demo Log In
© 2024  SecOps Solution, Inc.| Privacy Policy | Terms and Conditions .
Social Media :