CVE-2024-0617: 
WordPress vulnerability analysis and mitigation

The Category Discount Woocommerce plugin for WordPress contains a vulnerability (CVE-2024-0617) due to a missing capability check on the wpcd_save_discount() function in versions up to and including 4.12. This security issue was discovered and disclosed in January 2024, affecting all installations of the plugin up to version 4.12 (CVE MITRE, NVD).

The vulnerability stems from a missing authorization check in the wpcd_save_discount() function, which is responsible for handling product category discount modifications. The issue has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, indicating that it can be exploited remotely without requiring privileges or user interaction (NVD).

If exploited, this vulnerability allows unauthenticated attackers to modify product category discounts in the WooCommerce store. This unauthorized access could lead to potential loss of revenue for the affected e-commerce sites by allowing malicious actors to alter pricing structures (CVE MITRE).

Website administrators running the Category Discount Woocommerce plugin should update to a version newer than 4.12 as soon as possible. The vulnerability has been patched in subsequent releases (WordPress Plugin).