CVE-2024-54383

CRITICAL

wpweb WooCommerce PDF Vouchers <4.9.9 - Privilege Escalation

Title source: llm

Description

Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers woocommerce-pdf-vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a through < 4.9.9.

Exploits (1)

nomisec WORKING POC

by pashayogi · poc

https://github.com/pashayogi/CVE-2024-54383

View Code ZIP pw:eip

References (2)

[Vdb Entry] https://patchstack.com/database/Wordpress/Plugin/woocommerce-pdf-vouchers/vulnerability/wordpress-woocommerce-pdf-vouchers-plugin-4-9-9-broken-authentication-vulnerability?_s_id=cve

[Third Party Advisory] https://patchstack.com/database/wordpress/plugin/woocommerce-pdf-vouchers/vulnerability/wordpress-woocommerce-pdf-vouchers-plugin-4-9-9-broken-authentication-vulnerability?_s_id=cve

Scores

CVSS v3 9.8

EPSS 0.0534

EPSS Percentile 90.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-266

Status published

Products (2)

wpweb/WooCommerce PDF Vouchers < 4.9.9

wpwebelite/woocommerce_pdf_vouchers < 4.9.9

Published Dec 18, 2024

Tracked Since Feb 18, 2026