CVE-2020-36834

EUVD-2020-30786
The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-level attackers to execute various actions and perform a wide variety of actions such as modifying rules and saving configurations.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
WordfenceCNA
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
flycartdiscount_rules_for_woocommerce
𝑥
≤ 2.0.2
CNA
Common Weakness Enumeration
References
https://patchstack.com/articles/multiple-vulnerabilities-in-discount-rules-for-woocommerce-plugin/
https://www.wordfence.com/threat-intel/vulnerabilities/id/33cf27ba-a01b-4e34-9584-b1d3fc87af34?source=cve