Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WooCommerce POS <= 1.4.11 - Insufficient Verification of Data Authenticity to Authenticated (Customer+) Information Disclosure
Vulnerability Description
The WooCommerce POS plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.4.11. This is due to the plugin not properly verifying the authentication and authorization of the current user This makes it possible for authenticated attackers, with customer-level access and above, to view potentially sensitive information about other users by leveraging their order id
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
WordPress Plugin WooCommerce POS 安全漏洞
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress Plugin WooCommerce POS 1.4.11 版本及之前版本存在安全漏洞,该漏洞源于该插件未正确验证当前用户的身份验证和授权。这使得具有客户级及以上访问权限的经过身份验证的攻击者可以利用其他用户的订单 ID 查看有关其他用户的
CVSS Information
N/A
Vulnerability Type
N/A