GG Woo Feed for WooCommerce Shopping Feed < 1.2.7 – Missing Authorization | CVE 2024-32519 | Plugin Vulnerabilities

Description

The GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the /inc/Core/ajax-functions.php file in all versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions.

Affects Plugins

Fixed in 1.2.7

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/5e65bafd-471a-498a-a6ac-1bc87d25de67

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Abdi Pranata

Verified

No

WPVDB ID

41c85fc6-d4cb-4c28-be25-80b60168a3f7

Timeline

Publicly Published

2024-04-15 (about 1 months ago)

Added

2024-04-23 (about 27 days ago)

Last Updated

2024-04-23 (about 27 days ago)

Other

Published

Title

Published

2023-02-24

Title

WP Meta SEO < 4.5.4 - Subscriber+ Google Analytics Settings Update

Published

2023-11-28

Title

Razorpay for WooCommerce < 4.5.7 - Subscriber+ Transfers Manipulation

Published

2024-04-10

Title

Redirection < 1.2.0 - Subscriber+ Unauthorised Action Calls

Published

2023-10-25

Title

My Shortcodes <= 2.3 - Missing Authorization via Multiple AJAX Actions

Published

2024-02-02

Title

BEAR < 1.1.4.1 - Missing Authorization via Several Functions