Medium severity5.3NVD Advisory· Published Feb 29, 2024· Updated Apr 8, 2026
CVE-2024-1492
CVE-2024-1492
Description
The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybe_send_to_packeta function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for orders as long as the order number is known.
Affected products
2- Range: <=4.0.8
Patches
Vulnerability mechanics
References
2- plugins.trac.wordpress.org/changesetnvdPatch
- www.wordfence.com/threat-intel/vulnerabilities/id/44f691f2-b3f4-49b7-8710-015b5b11db18nvdThird Party Advisory
News mentions
0No linked articles in our index yet.