The plugin called “WooCommerce AWeber Newsletter Subscription” for WordPress can be changed by someone who is not authorized to do so. This is because a necessary security check is missing in all versions up to and including 4.0.2. This means that people who are not logged in can reset and change the plugin’s access token.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
