{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T07:22:08.350","vulnerabilities":[{"cve":{"id":"CVE-2024-12432","sourceIdentifier":"security@wordfence.com","published":"2024-12-18T04:15:07.947","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generate_key' function not producing a sufficiently random value. This makes it possible for authenticated attackers, with Subscriber-level access and above, to log in as site administrators, granted they have triggered the ajax_login() function which generates a unique key that can be used to log in."},{"lang":"es","value":"El complemento WPC Shop as a Customer for WooCommerce para WordPress es vulnerable a la apropiación de cuentas y la escalada de privilegios en todas las versiones hasta la 1.2.8 incluida. Esto se debe a que la función 'generate_key' no produce un valor suficientemente aleatorio. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, inicien sesión como administradores del sitio, siempre que hayan activado la función ajax_login() que genera una clave única que se puede usar para iniciar sesión."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-330"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3208130%40wpc-shop-as-customer&new=3208130%40wpc-shop-as-customer&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/048625e8-10b7-418d-a13b-329f1d7e0171?source=cve","source":"security@wordfence.com"}]}}]}