What the vulnerability does
01Description
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
What the vulnerability does
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.
Explanation of Vulnerability in Simple Terms
The Upsell Order Bump Offer for WooCommerce plugin through version 3.1.4 contains an integrity vulnerability that allows unauthenticated attackers to modify data over the network. The vulnerability requires no user interaction and affects the plugin's core functionality. Site administrators should update to a version newer than 3.1.4 immediately.
What an attacker can do
Modify plugin data or settings without authentication.
Potential impact on your site
Attackers can alter order bump offers, pricing, or other plugin configuration without your knowledge or permission.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities