What the vulnerability does
01Description
Missing Authorization vulnerability in Bux Bux Woocommerce bux-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bux Woocommerce: from n/a through <= 1.2.3.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
What the vulnerability does
Missing Authorization vulnerability in Bux Bux Woocommerce bux-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bux Woocommerce: from n/a through <= 1.2.3.
Explanation of Vulnerability in Simple Terms
Bux Woocommerce versions 1.2.3 and earlier lack proper authorization checks, allowing unauthenticated attackers to modify data and disrupt service. An attacker can send network requests without credentials to trigger the vulnerability. Site owners should update immediately to prevent unauthorized changes to orders, products, or settings.
What an attacker can do
Modify site data and cause service disruption without logging in.
Potential impact on your site
Unauthorized changes to WooCommerce orders, products, or settings; potential data corruption.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities