WooCommerce Checkout Manager Plugin up to 4.2 on WordPress admin-ajax.php wccm_default_keys_load denial of service

A vulnerability, which was classified as problematic, was found in WooCommerce Checkout Manager Plugin up to 4.2 on WordPress (E-Commerce Management Software). Affected is a function of the file wp-admin/admin-ajax.php?action=update_attachment_wccm. The manipulation of the argument wccm_default_keys_load as part of a Parameter leads to a denial of service vulnerability. CWE is classifying the issue as CWE-404. This is going to have an impact on integrity, and availability.

The weakness was released 05/06/2019. This vulnerability is traded as CVE-2019-11807 since 05/06/2019. There are known technical details, but no exploit is available.

Upgrading to version 4.3 eliminates this vulnerability.

Vendor

Name

VulDB Meta Base Score: 4.6
VulDB Meta Temp Score: 4.4

VulDB Base Score: ≈4.6
VulDB Temp Score: ≈4.4
VulDB Vector: ?
VulDB Reliability: ?

VulDB Base Score: ?
VulDB Temp Score: ?
VulDB Reliability: ?
Class: Denial of service (CWE-404)
Local: Yes
Remote: No

Availability: ?
Status: Not defined

Price Prediction: ?
Current Price Estimation: ?

Threat Intelligenceinfoedit

Threat: ?
Adversaries: ?
Geopolitics: ?
Economy: ?
Predictions: ?
Remediation: ?Recommended: Upgrade
Status: ?
0-Day Time: ?

Upgrade: Checkout Manager Plugin 4.3

05/06/2019 Advisory disclosed
05/06/2019 +0 days CVE assigned
05/07/2019 +1 days VulDB entry created
05/07/2019 +0 days VulDB last updateCVE: CVE-2019-11807 (?)Created: 05/07/2019 07:24 AM
Complete: ?

Comments are closed.