CVE-2023-47241: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in CoCart – Headless ecommerce plugin affecting versions through 3.11.2. The vulnerability was discovered by researcher Mika and was publicly disclosed on November 7, 2023. This security issue was assigned CVE-2023-47241 and received a CVSS v3.1 score of 5.3 (Medium) (Patchstack).

The vulnerability is classified as CWE-862 (Missing Authorization) and involves a broken access control issue. The security flaw stems from a missing authorization, authentication, or nonce token check in a function that could allow unprivileged users to execute higher privileged actions. The vulnerability received a CVSS v3.1 Base Score of 5.3 with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (Patchstack).

The vulnerability has been assessed as having a low severity impact. It allows for unauthorized access to certain functions, potentially leading to information disclosure as indicated by the CVSS metrics showing low confidentiality impact (Patchstack).

The vulnerability has been fixed in version 3.12.0 of the CoCart – Headless ecommerce plugin. Users are advised to update to version 3.12.0 or later to remediate this security issue. The fix is considered low priority due to the low severity impact of the vulnerability (Patchstack).