Vulnerabilities > CVE-2024-1862 - Missing Authorization vulnerability in Renventura Woocommerce ADD to Cart Custom Redirect

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

renventura

CWE-862

NVD

Published: 2024-03-13

Updated: 2025-04-03

Summary

The WooCommerce Add to Cart Custom Redirect plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wcr_dismiss_admin_notice' function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with contributor access and above, to update the values of arbitrary site options to 'dismissed'.

Vulnerable Configurations

Part	Description	Count
Application	Renventura Renventura Woocommerce ADD TO Cart Custom Redirect 1.0 Renventura Woocommerce ADD TO Cart Custom Redirect 1.1 Renventura Woocommerce ADD TO Cart Custom Redirect 1.2 Renventura Woocommerce ADD TO Cart Custom Redirect 1.2.1 Renventura Woocommerce ADD TO Cart Custom Redirect 1.2.2 Renventura Woocommerce ADD TO Cart Custom Redirect 1.2.3 Renventura Woocommerce ADD TO Cart Custom Redirect 1.2.4 Renventura Woocommerce ADD TO Cart Custom Redirect 1.2.5 Renventura Woocommerce ADD TO Cart Custom Redirect 1.2.6 Renventura Woocommerce ADD TO Cart Custom Redirect 1.2.7 Renventura Woocommerce ADD TO Cart Custom Redirect 1.2.8 Renventura Woocommerce ADD TO Cart Custom Redirect 1.2.9 Renventura Woocommerce ADD TO Cart Custom Redirect 1.2.10 Renventura Woocommerce ADD TO Cart Custom Redirect 1.2.11 Renventura Woocommerce ADD TO Cart Custom Redirect 1.2.12 Renventura Woocommerce ADD TO Cart Custom Redirect 1.2.13	16

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References