CVE-2023-47179: 
WordPress vulnerability analysis and mitigation

The WooODT Lite WordPress plugin contains a Missing Authorization vulnerability (CVE-2023-47179) discovered on October 31, 2023. This security flaw affects versions up to and including 2.4.6 of the plugin, which is used for delivery and pickup date-time management in WooCommerce (Patchstack, WPScan).

The vulnerability stems from a missing capability check in the byconsolewooodtadminfieldssettingfiles() function, which is hooked via AJAX. The issue has been assigned a CVSS score of 8.8 (High) and is classified under CWE-862, falling into the OWASP Top 10 category A5: Broken Access Control (WPScan).

This vulnerability allows authenticated attackers with subscriber-level access or higher to modify arbitrary site options, which can be leveraged for privilege escalation. The high CVSS score of 8.8 indicates the significant potential impact of this security flaw (Patchstack).

The vulnerability has been patched in version 2.4.7 of the WooODT Lite plugin. Site administrators are strongly advised to update to this version or later to resolve the security issue. For users unable to update immediately, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks (Patchstack).