Report
The WPC Frequently Bought Together for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_get_search_results, ajax_import_export, and ajax_import_export_save functions in versions up to, and including, 7.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
Score:4.3
Severity:Medium
Version: 7.0.3
There is a patch available in v7.0.4 and we strongly recommend you update to this version as soon as possible.
