The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the execute_post_data function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin settings.
References
Configurations
Configuration 1 (hide)
|
History
07 Mar 2025, 19:37
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-862 | |
First Time |
Gsheetconnector woocommerce Google Sheet Connector
Gsheetconnector |
|
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038517%40wc-gsheetconnector&new=3038517%40wc-gsheetconnector&sfp_email=&sfph_mail= - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/e36df7b7-fcbc-4e5d-812c-861bfe8abb55?source=cve - Third Party Advisory | |
CPE | cpe:2.3:a:gsheetconnector:woocommerce_google_sheet_connector:*:*:*:*:*:wordpress:*:* |
21 Nov 2024, 08:50
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038517%40wc-gsheetconnector&new=3038517%40wc-gsheetconnector&sfp_email=&sfph_mail= - | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/e36df7b7-fcbc-4e5d-812c-861bfe8abb55?source=cve - |
22 Feb 2024, 19:07
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
21 Feb 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-21 04:15
Updated : 2025-03-07 19:37
NVD link : CVE-2024-1562
Mitre link : CVE-2024-1562
CVE.ORG link : CVE-2024-1562
JSON object : View
Products Affected
gsheetconnector
- woocommerce_google_sheet_connector
CWE
CWE-862
Missing Authorization