Description
WordPress Plugin WooCommerce Admin is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently leak analytics reports. WordPress Plugin WooCommerce Admin version 2.6.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin versions 1.0.4,1.1.4,1.2.5,1.3.3,1.4.1,1.5.1,1.6.4,1.7.4,1.8.4,1.9.1,2.0.4,2.1.6,2.2.7,2.3.2,2.4.5,2.5.2,2.6.4 or latest
References
Related Vulnerabilities
WordPress Plugin Newsletters Multiple Vulnerabilities (4.6.5.3)
WordPress Plugin Disable Image Right Click Cross-Site Scripting (1.0)
Jenkins Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1999044)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-7570)