VYPR
Unrated severityNVD Advisory· Published May 6, 2019· Updated Aug 4, 2024

CVE-2019-11807

CVE-2019-11807

Description

The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load parameter because of a nopriv_ registration and a lack of capabilities checks.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.