- Description
- The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the plugin using the Host header to determine if the plugin is in a playground environment. This makes it possible for unauthenticated attackers to spoof the Host header to make the OTP code "1234" and authenticate as any user, including administrators.
- Source
- security@wordfence.com
- NVD status
- Analyzed
- Products
- sms_alert_order_notifications
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Hype score
- Not currently trending
CVE-2024-13553 The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, … https://t.co/nigSQ1fEz3
@CVEnew
5 Apr 2025
CVE-2024-13553 SMS Alert Order Notifications WordPress Plugin Privilege Escalation via Host Header Manipulation https://t.co/rdVn85gYzk
@VulmonFeeds
1 Apr 2025
🚨 CVE-2024-13553 ⚠️🔴 CRITICAL (9.8) 🏢 cozyvision1 - SMS Alert Order Notifications – WooCommerce 🏗️ * 🔗 https://t.co/MxJsXQ39HN 🔗 https://t.co/RBwaq3pfrJ 🔗 https://t.co/PXD66OQ0p6 #CyberCron #VulnAlert #InfoSec https://t.co/sT9D13v3kS
@cybercronai
1 Apr 2025
CVE-2024-13553 - WordPress - HIGH 🚨 🗓️ Date published 2025-04-01 12:15:14 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/HOe6G8F9gE
@vulns_space
1 Apr 2025
[CVE-2024-13553: CRITICAL] Vulnerability alert: WooCommerce SMS Alert Order Notifications plugin for WordPress up to version 3.7.9 prone to privilege escalation through account takeover. Plugin checks Host header...#cybersecurity,#vulnerability https://t.co/l7O0pbAQbh https://t.c
@CveFindCom
1 Apr 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cozyvision:sms_alert_order_notifications:*:*:*:*:free:wordpress:*:*",
            "matchCriteriaId": "2E6E0FDD-AE0D-4B47-A278-02D83660914E",
            "versionEndExcluding": "3.8.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]