Description
WordPress Plugin Product Addons & Fields for WooCommerce is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently call an AJAX action and set arbitrary settings. WordPress Plugin Product Addons & Fields for WooCommerce version 23.9 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 24.0 or latest
References
Related Vulnerabilities
WordPress Plugin SEO Redirection-301 Redirect Manager SQL Injection (3.5)
WordPress Plugin PowerPress Podcasting by Blubrry Multiple Vulnerabilities (8.4.4)
Collabtive Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-5285)
MediaWiki Other Vulnerability (CVE-2012-5391)
WordPress Plugin Weaver Xtreme Theme Support Cross-Site Scripting (6.2.6)