CVE-2019-11807

HIGH

WooCommerce Checkout Manager <4.3 - Info Disclosure

Description

The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load parameter because of a nopriv_ registration and a lack of capabilities checks.

Scores

CVSS v3 7.5
EPSS 0.0040
EPSS Percentile 60.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE CWE-434
Status published
Products (1)
visser/woocommerce_checkout_manager < 4.3
Published May 06, 2019
Tracked Since Feb 18, 2026