Medium severity6.3NVD Advisory· Published Oct 16, 2024· Updated Apr 15, 2026

CVE-2020-36834

Description

The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-level attackers to execute various actions and perform a wide variety of actions such as modifying rules and saving configurations.

Affected products

WordPress/Discount Rules For Woocommerceinferred
Range: <=2.0.2
Package: https://wordpress.org/plugins/discount-rules-for-woocommerce

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

patchstack.com/articles/multiple-vulnerabilities-in-discount-rules-for-woocommerce-plugin/nvd
www.wordfence.com/threat-intel/vulnerabilities/id/33cf27ba-a01b-4e34-9584-b1d3fc87af34nvd

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000