How severe is CVE-2024-9654?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2024-9654?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2024-9654 - LOW Severity | CVSS 3.7

Vulnerability Description

The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. This is due to a lack of sufficient validation checks within the 'verify_guest_email' function to ensure the requesting user is the intended recipient of the purchase receipt. This makes it possible for unauthenticated attackers to bypass intended security restrictions and view the receipts of other users, which contains a link to download paid content. Successful exploitation requires knowledge of another customers email address as well as the file ID of the content they purchased.

Related Vulnerabilities

CVE-2021-20429

LOW

CVSS:3.7(Low)

IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due an overly permissive cross-domain policy. IBM X-Force ID: 196334.

CWE-8632021

CVE-2024-23329

LOW

CVSS:3.7(Low)

changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint `/api/v1/watch/<uuid>/history` can be accessed by any unauthorized use...

CWE-8632024

CVE-2024-43944

LOW

CVSS:3.7(Low)

Incorrect Authorization vulnerability in Yassine Idrissi Maintenance & Coming Soon Redirect Animation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maintenance & C...

CWE-8632024

CVE-2025-47937

LOW

CVSS:3.7(Low)

TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing...

CWE-8632025

CVE-2020-6752

LOW

CVSS:3.8(Low)

In OMERO before 5.6.1, group owners can access members' data in other groups.

CWE-8632020

CVE-2022-0333

LOW

CVSS:3.8(Low)

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any ca...

CWE-8632022