Log out
Get PRO

Latest

Access violation vulnerability in YITH WooCommerce Waitlist 2.6.0

  • Severity: medium-risk
  • Status: Open
  • Publication: August 10, 2023

The YITH WooCommerce Waiting List plugin for WordPress is vulnerable to a security issue in versions up to 2.6.0. This means that unauthenticated attackers (people who have not logged in) can enable or disable email notifications without permission. This is done by tricking a site administrator into performing an action such as clicking on a link. This is because of a missing or incorrect validation system called a nonce on the ‘save_mail_status’ function.

Detected in:

YITH WooCommerce Waitlist open vulnerable versions: >= * <= 2.6.0

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.