CVE-2024-1677: CWE-862 Missing Authorization in ukrsolution Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce
The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to an improper capability check on 42 separate AJAX functions in all versions up to, and including, 3.4.6. This makes it possible for authenticated attackers, with subscriber access and above, to fully control the plugin which includes the ability to modify plugin settings and profiles, and create, edit, retrieve, and delete templates and barcodes.
AI Analysis
Technical Summary
CVE-2024-1677 is a CWE-862 missing authorization vulnerability in the ukrsolution Print Labels with Barcodes plugin for WooCommerce. The issue arises from improper capability checks on 42 AJAX functions, allowing authenticated users with subscriber privileges to bypass authorization controls. Exploiting this flaw enables attackers to manipulate plugin settings, profiles, and create, edit, retrieve, or delete templates and barcodes, potentially impacting data integrity and availability.
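The pattern behind this class of flaw, as an added example that is not code from the ukrsolution plugin: WordPress runs any `wp_ajax_{action}` hook for every logged-in user, so a handler that performs no capability check is reachable by a subscriber. All `example_labels_*` names, the option key, and the choice of `manage_options` as the required capability are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Example Labels (hypothetical demo, not the ukrsolution plugin)
 */

// BEFORE (shown for comparison): wp_ajax_{action} fires for every logged-in
// user, subscribers included. Nothing here checks what the caller may do (CWE-862).
add_action( 'wp_ajax_example_labels_save_v1', 'example_labels_save_v1' );
function example_labels_save_v1() {
    $raw = isset( $_POST['settings'] ) ? (array) wp_unslash( $_POST['settings'] ) : array();
    update_option( 'example_labels_settings', array_map( 'sanitize_text_field', $raw ) );
    wp_send_json_success();
}

// AFTER: every handler is registered through one guard, so a capability check
// cannot be forgotten on any single endpoint.
const EXAMPLE_LABELS_CAP = 'manage_options'; // assumption: an admin-only capability

function example_labels_register_ajax( $action, $callback ) {
    add_action( "wp_ajax_{$action}", function () use ( $action, $callback ) {
        // Authorization: the caller must hold the required capability.
        if ( ! current_user_can( EXAMPLE_LABELS_CAP ) ) {
            wp_send_json_error( array( 'message' => 'Forbidden' ), 403 ); // sends JSON and exits
        }
        // Request-forgery protection; a nonce alone is not an authorization check.
        check_ajax_referer( $action, 'nonce' ); // exits on failure
        call_user_func( $callback );
    } );
}

example_labels_register_ajax( 'example_labels_save_v2', function () {
    $raw = isset( $_POST['settings'] ) ? (array) wp_unslash( $_POST['settings'] ) : array();
    update_option( 'example_labels_settings', array_map( 'sanitize_text_field', $raw ) );
    wp_send_json_success();
} );

example_labels_register_ajax( 'example_labels_delete_template', function () {
    $id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    if ( 0 === $id ) {
        wp_send_json_error( array( 'message' => 'Missing template id' ), 400 );
    }
    // Template deletion would go here; omitted because storage is plugin-specific.
    wp_send_json_success( array( 'deleted' => $id ) );
} );
```

When reviewing a plugin for this weakness, list every `wp_ajax_` registration and confirm each callback reaches a `current_user_can()` check before it reads or writes data.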
Potential Impact
The vulnerability allows authenticated users with low privileges (subscriber and above) to gain full control over the plugin's functionality. This can result in unauthorized access to sensitive data, unauthorized modification of plugin settings and data, and potential data loss. The CVSS score of 6.3 reflects a medium severity with network attack vector, low attack complexity, and no user interaction required.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict plugin access to trusted users only and monitor for suspicious activity related to plugin management. Avoid granting subscriber or higher privileges to untrusted users.
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2024-02-20T17:20:02.475Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6d37b7ef31ef0b56f113
Added to database: 2/25/2026, 9:44:23 PM
Last enriched: 4/9/2026, 1:44:14 PM
Last updated: 4/12/2026, 6:17:32 PM