Medium severity4.3NVD Advisory· Published Aug 21, 2024· Updated Apr 8, 2026

CVE-2024-7030

Description

The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update product and category descriptions, category titles and images, and sort order.

Affected products

Zaytech/Smart Online Order For Clover
cpe:2.3:a:zaytech:smart_online_order_for_clover:*:*:*:*:*:wordpress:*:*
Range: <1.5.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.wordfence.com/threat-intel/vulnerabilities/id/8664fec3-4e11-4775-a5ca-b4f58931da76nvdThird Party Advisory
plugins.trac.wordpress.org/browser/clover-online-orders/trunk/admin/js/moo-OnlineOrders-admin.jsnvdProduct
plugins.trac.wordpress.org/browser/clover-online-orders/trunk/public/moo-OnlineOrders-public.phpnvdProduct
plugins.trac.wordpress.org/changeset/3142846/nvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000