Medium severity6.3NVD Advisory· Published Oct 16, 2024· Updated Jun 17, 2026
CVE-2020-36834
CVE-2020-36834
Description
The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-level attackers to execute various actions and perform a wide variety of actions such as modifying rules and saving configurations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=2.0.2+ 1 more
- (no CPE)range: <=2.0.2
- (no CPE)range: <=2.0.2
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.