CVE-2024-1639

21.06.2024, 02:15

The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with admin dashboard access (contributors by default due to WooCommerce) to view arbitrary decrypted license keys. The functions contain a referrer nonce check. However, these can be retrieved via the dashboard through the "license" JS variable.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Wordfence	CNA	6.5 MEDIUM				CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 51%

Vendor	Product	Version
wpexperts	license_manager_for_woocommerce	𝑥 ≤ 3.0.7

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-863 - Incorrect Authorization
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References

https://plugins.trac.wordpress.org/browser/license-manager-for-woocommerce/tags/3.0.5/includes/Controllers/License.php

https://www.wordfence.com/threat-intel/vulnerabilities/id/92e444db-72d5-444f-811e-ade0bc097769?source=cve

https://plugins.trac.wordpress.org/browser/license-manager-for-woocommerce/tags/3.0.5/includes/Controllers/License.php

https://www.wordfence.com/threat-intel/vulnerabilities/id/92e444db-72d5-444f-811e-ade0bc097769?source=cve