CVE-2024-9189
MEDIUM
EU/UK VAT Manager for WooCommerce <= 2.12.12 - Unauthenticated Data Modification via alg_wc_eu_vat_exempt_vat_from_admin
Title source: llm
Description
The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the alg_wc_eu_vat_exempt_vat_from_admin() function in all versions up to, and including, 2.12.12. This makes it possible for unauthenticated attackers to update the VAT status for any order.
Scores
CVSS v3
5.3
EPSS
0.0047
EPSS Percentile
37.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (2)
wpcodefactory/EU/UK VAT Validation Manager for WooCommerce
< 2.12.12
wpfactory/eu\/uk_vat_manager_for_woocommerce
< 2.12.14
Published
Sep 28, 2024
Tracked Since
Feb 18, 2026