What the vulnerability does
Description
Missing Authorization vulnerability in YayCommerce YayExtra yayextra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YayExtra: from n/a through <= 1.5.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Explanation of Vulnerability in Simple Terms
YayExtra versions up to 1.5.2 lack proper authorization checks, allowing authenticated users with low privileges to read sensitive data, modify site content, or disrupt service availability. The vulnerability requires a valid user account but no special permissions. Sites running affected versions should update immediately to version 2.0.3 or later.
What an attacker can do
Read sensitive data, modify content, or cause service disruption with a low-privilege user account.
Potential impact on your site
Authenticated users can access restricted functions, modify data, or crash the site without admin approval.
Conditions required to exploit
Attacker must have a valid user account with low privileges; no special interaction required.