CVE-2024-7030 Information

Description

The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to and including 1.5.6. This makes it possible for authenticated attackers with Subscriber-level access and above to update product and category descriptions category titles and images and sort order.

Reference

https://www.wordfence.com/threat-intel/vulnerabilities/id/8664fec3-4e11-4775-a5ca-b4f58931da76?source=cve https://plugins.trac.wordpress.org/browser/clover-online-orders/trunk/admin/js/moo-OnlineOrders-admin.js https://plugins.trac.wordpress.org/browser/clover-online-orders/trunk/public/moo-OnlineOrders-public.php