How severe is CVE-2024-13692?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2024-13692?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2024-13692 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to overwrite linked refund image attachments, overwrite refund request message, overwrite order messages, and read order messages of other users.

Related Vulnerabilities

CVE-2018-16086

MEDIUM

CVSS:5.4(Medium)

Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via...

CWE-2852018

CVE-2019-14870

MEDIUM

CVSS:5.4(Medium)

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clien...

CWE-2852019

CVE-2019-1842

MEDIUM

CVSS:5.4(Medium)

A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct...

CWE-2852019

CVE-2020-3267

MEDIUM

CVSS:5.4(Medium)

A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerabilit...

CWE-2852020

CVE-2021-42331

MEDIUM

CVSS:5.4(Medium)

The “Study Edit” function of ShinHer StudyOnline System does not perform permission control. After logging in with user’s privilege, remote attackers can access and edit other users’ tutorial schedule...

CWE-2852021

CVE-2022-0829

MEDIUM

CVSS:5.4(Medium)

Improper Authorization in GitHub repository webmin/webmin prior to 1.990.

CWE-2852022