Medium severity4.3NVD Advisory· Published Jan 30, 2025· Updated Jun 17, 2026
CVE-2024-13652
CVE-2024-13652
Description
The ECPay Ecommerce for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'clear_ecpay_debug_log' AJAX action in all versions up to, and including, 1.1.2411060. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's log files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- cpe:2.3:a:ecpay:ecpay_ecommerce_for_woocommerce:*:*:*:*:*:wordpress:*:*Range: <=1.1.2411060
<=1.1.2411060+ 1 more
- (no CPE)range: <=1.1.2411060
- (no CPE)
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.