🔐 CVE Alert

CVE-2024-9109

MEDIUM 4.3

UPS Live Rates and Access Points <= 2.3.12 - Missing Authorization to Plugin API key reset

CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th

The WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_oauth_data function in all versions up to, and including, 2.3.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's API key.

CWE CWE-862
Vendor octolize
Product shipping live rates and access points for ups for woocommerce
Published Oct 25, 2024
Last Updated Apr 8, 2026
Stay Ahead of the Next One

Get instant alerts for octolize shipping live rates and access points for ups for woocommerce

Be the first to know when new medium vulnerabilities affecting octolize shipping live rates and access points for ups for woocommerce are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

octolize / Shipping Live Rates and Access Points for UPS for WooCommerce
0 ≤ 2.3.12

References

NVD ↗ CVE.org ↗ EPSS Data ↗
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/699fdea9-15ae-4882-9723-9a98d7d53c74?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/flexible-shipping-ups/trunk/vendor_prefixed/octolize/wp-ups-oauth/src/OAuth/Ajax.php#L32 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3173845/flexible-shipping-ups/tags/3.0.0/vendor_prefixed/octolize/wp-ups-oauth/src/OAuth/Ajax.php?old=3158553&old_path=flexible-shipping-ups%2Ftags%2F2.3.11%2Fvendor_prefixed%2Foctolize%2Fwp-ups-oauth%2Fsrc%2FOAuth%2FAjax.php plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3173845/flexible-shipping-ups/tags/3.0.0/vendor_prefixed/octolize/wp-ups-oauth/src/OAuth/Ajax.php?contextall=1&old=3158553&old_path=%2Fflexible-shipping-ups%2Ftags%2F2.3.11%2Fvendor_prefixed%2Foctolize%2Fwp-ups-oauth%2Fsrc%2FOAuth%2FAjax.php

Credits

Peter Thaleikis