CVE-2024-43312 MEDIUM

CVE-2024-43312: WordPress WPC Frequently Bought Together for WooCommerce plugin <= 7.1.9 - Broken Access Control vulnerability

Vendor Wpclever
Product WPC Frequently Bought Together for WooCommerce
Weakness CWE-862 · Missing authorization
Published November 1, 2024
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.1.9.

Key dates

02Disclosure timeline

November 1, 2024 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-40203 WordPress Advanced Dynamic Pricing for WooCommerce Plugin <= 4.1.5 is vulnerable to Broken Access Control CVE-2026-3462 Frisbii Pay <= 1.8.9 - Missing Authorization to Authenticated (Subscriber+) Payment Token Modification CVE-2025-10753 OAuth Single Sign On – SSO (OAuth Client) <= 6.26.14 - Missing Authorization CVE-2025-11380 Everest Backup <= 2.3.5 - Missing Authorization to Unauthenticated Information Exposure CVE-2024-2107 Blossom Spa <= 1.3.3 - Sensitive Information Exposure