CVE-2024-1562 MEDIUM

CVE-2024-1562: WooCommerce Google Sheet Connector <= 1.3.11 - Missing Authorization

Vendor Westerndeal
Product GSheetConnector for WooCommerce – Send your Orders and Products to Google Sheet in Real-Time
Weakness CWE-862 · Missing authorization
Published February 21, 2024
Last update April 8, 2026
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the execute_post_data function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin settings.

Key dates

02Disclosure timeline

February 21, 2024 CVE published
April 8, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-4292 Privilege abuse in ModelAdmin.list_editable CVE-2025-67583 WordPress IDonate plugin <= 2.1.15 - Broken Access Control vulnerability CVE-2025-31758 WordPress Free Woocommerce Product Table View plugin <= 1.78 - Arbitrary Content Deletion vulnerability CVE-2024-35723 WordPress Dashboard To-Do List plugin <= 1.2.0 - Broken Access Control vulnerability CVE-2024-11154 PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure