CVE-2024-4233 - Vulnerability Details - OpenCVE

Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through 2.1.10; Arconix FAQ: from n/a through 1.9.3.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/arconix-faq/wordpress-arconix-faq-plugin-1-9-3-broken-access-control-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/arconix-shortcodes/wordpress-arconix-shortcodes-plugin-2-1-10-broken-access-control-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/woocommerce-delivery-notes/wordpress-print-invoice-delivery-notes-for-woocommerce-plugin-4-8-1-broken-access-control-vulnerability?_s_id=cve

History

No history.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-05-08T13:19:59.655Z

Updated: 2024-08-01T20:33:52.986Z

Reserved: 2024-04-26T10:17:15.928Z

Link: CVE-2024-4233

Vulnrichment

Updated: 2024-08-01T20:33:52.986Z

NVD

Status : Awaiting Analysis

Published: 2024-05-08T14:15:08.907

Modified: 2024-11-21T09:42:26.227

Link: CVE-2024-4233

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4233", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-04-26T10:17:15.928Z", "datePublished": "2024-05-08T13:19:59.655Z", "dateUpdated": "2024-08-01T20:33:52.986Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "woocommerce-delivery-notes", "product": "Print Invoice & Delivery Notes for WooCommerce", "vendor": "Tyche Softwares", "versions": [{"changes": [{"at": "4.9.0", "status": "unaffected"}], "lessThanOrEqual": "4.8.1", "status": "affected", "version": "n/a", "versionType": "custom"}]}, {"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "arconix-shortcodes", "product": "Arconix Shortcodes", "vendor": "Tyche Softwares", "versions": [{"changes": [{"at": "2.1.11", "status": "unaffected"}], "lessThanOrEqual": "2.1.10", "status": "affected", "version": "n/a", "versionType": "custom"}]}, {"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "arconix-faq", "product": "Arconix FAQ", "vendor": "Tyche Softwares", "versions": [{"changes": [{"at": "1.9.4", "status": "unaffected"}], "lessThanOrEqual": "1.9.3", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Dhabaleshwar Das (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ.<p>This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through 2.1.10; Arconix FAQ: from n/a through 1.9.3.</p>"}], "value": "Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through 2.1.10; Arconix FAQ: from n/a through 1.9.3.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-05-08T13:19:59.655Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/woocommerce-delivery-notes/wordpress-print-invoice-delivery-notes-for-woocommerce-plugin-4-8-1-broken-access-control-vulnerability?_s_id=cve"}, {"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/arconix-faq/wordpress-arconix-faq-plugin-1-9-3-broken-access-control-vulnerability?_s_id=cve"}, {"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/arconix-shortcodes/wordpress-arconix-shortcodes-plugin-2-1-10-broken-access-control-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update Print Invoice & Delivery Notes for WooCommerce to 4.9.0 or a higher version."}], "value": "Update\u00a0Print Invoice & Delivery Notes for WooCommerce to\u00a04.9.0 or a higher version."}, {"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update Arconix Shortcodes to 2.1.11 or a higher version.<br>"}], "value": "Update Arconix Shortcodes to\u00a02.1.11 or a higher version.\n"}, {"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update Arconix FAQ to 1.9.4 or a higher version."}], "value": "Update\u00a0Arconix FAQ to\u00a01.9.4 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "Broken Access Control vulnerability in multiple WordPress plugins by Tyche Softwares", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4233", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-08T17:04:53.220579Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:54:03.363Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:33:52.986Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/woocommerce-delivery-notes/wordpress-print-invoice-delivery-notes-for-woocommerce-plugin-4-8-1-broken-access-control-vulnerability?_s_id=cve"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/arconix-faq/wordpress-arconix-faq-plugin-1-9-3-broken-access-control-vulnerability?_s_id=cve"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/arconix-shortcodes/wordpress-arconix-shortcodes-plugin-2-1-10-broken-access-control-vulnerability?_s_id=cve"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://patchstack.com/database/vulnerability/woocommerce-delivery-notes/wordpress-print-invoice-delivery-notes-for-woocommerce-plugin-4-8-1-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://patchstack.com/database/vulnerability/arconix-faq/wordpress-arconix-faq-plugin-1-9-3-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://patchstack.com/database/vulnerability/arconix-shortcodes/wordpress-arconix-shortcodes-plugin-2-1-10-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:33:52.986Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4233", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-08T17:04:53.220579Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-08T17:04:57.345Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Broken Access Control vulnerability in multiple WordPress plugins by Tyche Softwares", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Dhabaleshwar Das (Patchstack Alliance)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Tyche Softwares", "product": "Print Invoice & Delivery Notes for WooCommerce", "versions": [{"status": "affected", "changes": [{"at": "4.9.0", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "4.8.1"}], "packageName": "woocommerce-delivery-notes", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}, {"vendor": "Tyche Softwares", "product": "Arconix Shortcodes", "versions": [{"status": "affected", "changes": [{"at": "2.1.11", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "2.1.10"}], "packageName": "arconix-shortcodes", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}, {"vendor": "Tyche Softwares", "product": "Arconix FAQ", "versions": [{"status": "affected", "changes": [{"at": "1.9.4", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.9.3"}], "packageName": "arconix-faq", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update\u00a0Print Invoice & Delivery Notes for WooCommerce to\u00a04.9.0 or a higher version.", "supportingMedia": [{"type": "text/html", "value": "Update Print Invoice & Delivery Notes for WooCommerce to 4.9.0 or a higher version.", "base64": false}]}, {"lang": "en", "value": "Update Arconix Shortcodes to\u00a02.1.11 or a higher version.\n", "supportingMedia": [{"type": "text/html", "value": "Update Arconix Shortcodes to 2.1.11 or a higher version.<br>", "base64": false}]}, {"lang": "en", "value": "Update\u00a0Arconix FAQ to\u00a01.9.4 or a higher version.", "supportingMedia": [{"type": "text/html", "value": "Update Arconix FAQ to 1.9.4 or a higher version.", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/vulnerability/woocommerce-delivery-notes/wordpress-print-invoice-delivery-notes-for-woocommerce-plugin-4-8-1-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}, {"url": "https://patchstack.com/database/vulnerability/arconix-faq/wordpress-arconix-faq-plugin-1-9-3-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}, {"url": "https://patchstack.com/database/vulnerability/arconix-shortcodes/wordpress-arconix-shortcodes-plugin-2-1-10-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through 2.1.10; Arconix FAQ: from n/a through 1.9.3.\n\n", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ.<p>This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through 2.1.10; Arconix FAQ: from n/a through 1.9.3.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-05-08T13:19:59.655Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4233", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:33:52.986Z", "dateReserved": "2024-04-26T10:17:15.928Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-05-08T13:19:59.655Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through 2.1.10; Arconix FAQ: from n/a through 1.9.3.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Tyche Softwares Print Invoice & Delivery Notes para WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ. Este problema afecta Print Invoice & Delivery Notes para WooCommerce: desde n/a hasta 4.8.1; C\u00f3digos cortos de Arconix: desde n/a hasta 2.1.10; Preguntas frecuentes de Arconix: desde n/a hasta 1.9.3."}], "id": "CVE-2024-4233", "lastModified": "2024-11-21T09:42:26.227", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-05-08T14:15:08.907", "references": [{"source": "[email protected]", "url": "https://patchstack.com/database/vulnerability/arconix-faq/wordpress-arconix-faq-plugin-1-9-3-broken-access-control-vulnerability?_s_id=cve"}, {"source": "[email protected]", "url": "https://patchstack.com/database/vulnerability/arconix-shortcodes/wordpress-arconix-shortcodes-plugin-2-1-10-broken-access-control-vulnerability?_s_id=cve"}, {"source": "[email protected]", "url": "https://patchstack.com/database/vulnerability/woocommerce-delivery-notes/wordpress-print-invoice-delivery-notes-for-woocommerce-plugin-4-8-1-broken-access-control-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://patchstack.com/database/vulnerability/arconix-faq/wordpress-arconix-faq-plugin-1-9-3-broken-access-control-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://patchstack.com/database/vulnerability/arconix-shortcodes/wordpress-arconix-shortcodes-plugin-2-1-10-broken-access-control-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://patchstack.com/database/vulnerability/woocommerce-delivery-notes/wordpress-print-invoice-delivery-notes-for-woocommerce-plugin-4-8-1-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "[email protected]", "type": "Secondary"}]}