{"api_version":"1","generated_at":"2026-06-05T13:52:23+00:00","cve":"CVE-2024-1492","urls":{"html":"https://cve.report/CVE-2024-1492","api":"https://cve.report/api/cve/CVE-2024-1492.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-1492","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-1492"},"summary":{"title":"WPify Woo Czech <= 4.0.8 - Missing Authorization","description":"The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybe_send_to_packeta function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for orders as long as the order number is known.","state":"PUBLISHED","assigner":"Wordfence","published_at":"2024-02-29 01:43:51","updated_at":"2026-04-08 18:20:41"},"problem_types":["CWE-284","CWE-862","CWE-284 CWE-284 Improper Access Control"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"security@wordfence.com","type":"Secondary","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","data":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/44f691f2-b3f4-49b7-8710-015b5b11db18?source=cve","name":"https://www.wordfence.com/threat-intel/vulnerabilities/id/44f691f2-b3f4-49b7-8710-015b5b11db18?source=cve","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037482%40wpify-woo%2Ftrunk&old=3028980%40wpify-woo%2Ftrunk&sfp_email=&sfph_mail=","name":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037482%40wpify-woo%2Ftrunk&old=3028980%40wpify-woo%2Ftrunk&sfp_email=&sfph_mail=","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-1492","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1492","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"wpify","product":"WPify Woo Czech","version":"affected 4.0.8 semver","platforms":[]},{"source":"ADP","vendor":"wpify","product":"wpify_woo_czech","version":"affected 4.0.8 custom","platforms":[]}],"timeline":[{"source":"CNA","time":"2024-02-19T00:00:00.000Z","lang":"en","value":"Disclosed"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Francesco Carlucci","lang":"en"}],"nvd_cpes":[{"cve_year":"2024","cve_id":"1492","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wpify","cpe5":"woo_czech","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"affected":[{"cpes":["cpe:2.3:a:wpify:wpify_woo_czech:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","product":"wpify_woo_czech","vendor":"wpify","versions":[{"lessThanOrEqual":"4.0.8","status":"affected","version":"0","versionType":"custom"}]}],"metrics":[{"other":{"content":{"id":"CVE-2024-1492","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2024-03-05T20:21:12.596834Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-04-22T16:24:39.242Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"providerMetadata":{"dateUpdated":"2024-08-01T18:40:21.200Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/44f691f2-b3f4-49b7-8710-015b5b11db18?source=cve"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037482%40wpify-woo%2Ftrunk&old=3028980%40wpify-woo%2Ftrunk&sfp_email=&sfph_mail="}],"title":"CVE Program Container"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"WPify Woo Czech","vendor":"wpify","versions":[{"lessThanOrEqual":"4.0.8","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Francesco Carlucci"}],"descriptions":[{"lang":"en","value":"The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybe_send_to_packeta function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for orders as long as the order number is known."}],"metrics":[{"cvssV3_1":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-284","description":"CWE-284 Improper Access Control","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-08T16:49:29.899Z","orgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","shortName":"Wordfence"},"references":[{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/44f691f2-b3f4-49b7-8710-015b5b11db18?source=cve"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037482%40wpify-woo%2Ftrunk&old=3028980%40wpify-woo%2Ftrunk&sfp_email=&sfph_mail="}],"timeline":[{"lang":"en","time":"2024-02-19T00:00:00.000Z","value":"Disclosed"}],"title":"WPify Woo Czech <= 4.0.8 - Missing Authorization"}},"cveMetadata":{"assignerOrgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","assignerShortName":"Wordfence","cveId":"CVE-2024-1492","datePublished":"2024-02-20T18:56:29.589Z","dateReserved":"2024-02-14T15:56:21.927Z","dateUpdated":"2026-04-08T16:49:29.899Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-02-29 01:43:51","lastModifiedDate":"2026-04-08 18:20:41","problem_types":["CWE-284","CWE-862","CWE-284 CWE-284 Improper Access Control"],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wpify:woo_czech:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"4.0.9","matchCriteriaId":"63AC5024-D38B-4412-AF06-F4E30624B21A"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"1492","Ordinal":"1","Title":"WPify Woo Czech <= 4.0.8 - Missing Authorization","CVE":"CVE-2024-1492","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"1492","Ordinal":"1","NoteData":"The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybe_send_to_packeta function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for orders as long as the order number is known.","Type":"Description","Title":"WPify Woo Czech <= 4.0.8 - Missing Authorization"}]}}}