CVE-2024-1562: 
WordPress vulnerability analysis and mitigation

The WooCommerce Google Sheet Connector plugin for WordPress contains a vulnerability (CVE-2024-1562) related to unauthorized modification of data. The vulnerability affects all versions up to and including 1.3.11, due to a missing capability check on the execute_post_data function. This security flaw was discovered and reported by Wordfence, with the initial disclosure made on February 20, 2024 (NVD).

The vulnerability stems from a missing capability check in the execute_post_data function, which allows unauthenticated attackers to update plugin settings. The severity of this vulnerability has been assessed with a CVSS v3.1 base score of 5.3 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges, and requires no user interaction (Wordfence).

The vulnerability allows unauthenticated attackers to modify plugin settings, potentially compromising the integrity of the WooCommerce Google Sheet Connector configuration. While the confidentiality and availability of the system remain unaffected, the ability to alter settings could lead to unauthorized changes in how the plugin interacts with Google Sheets (NVD).

Users are advised to update their WooCommerce Google Sheet Connector plugin to a version newer than 1.3.11. A patch has been released to address this vulnerability by implementing proper capability checks (WordPress Plugin).