CVE-2024-12712 – BigCommerce Unauthenticated Order Status Modification Vulnerability

1月 8, 2025
11:16 am

CVE ID : CVE-2024-12712

Published : Jan. 8, 2025, 10:15 a.m. | 1 hour, 1 minute ago

Description : The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and including, 5.7.8. This makes it possible for unauthenticated attackers to modify order statuses.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-12712 – BigCommerce Unauthenticated Order Status Modification Vulnerability

Elvescore.io

Recent Posts

CVE-2025-21102 – Dell VxRail Plaintext Storage of a Password Vulnerability

CVE-2024-11423 – WooCommerce Gift Cards Advanced Coupons Unauthorized Data Modification

CVE-2024-11830 – DearFlip for WordPress Stored Cross-Site Scripting Vulnerability

CVE-2024-12337 – Planzer Shipping via WooCommerce Reflected Cross-Site Scripting