cleantalk
Vulnerabilities and Security Researches

Smart Online Order for Clover, CVE-2024-7030

CVE, Research URL

CVE-2024-7030

Home page URL

Security reports for Smart Online Order for Clover

Application

Smart Online Order for Clover

Published on
Aug 21, 2024
Research Description
The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update product and category descriptions, category titles and images, and sort order.
Affected versions
max 1.5.7.
Status
vulnerable
Previous vulnerability researches
Smart Online Order for Clover (CVE-2025-15635) , Apr 17, 2026
Smart Online Order for Clover (CVE-2024-7032) , Aug 23, 2024
Smart Online Order for Clover (CVE-2024-7030) , Aug 23, 2024
Smart Online Order for Clover (CVE-2024-43253) , Aug 16, 2024
Smart Online Order for Clover (CVE-2024-43254) , Aug 16, 2024
New vulnerability
ThemeGrill Demo Importer (CVE-2026-40730) , Apr 17, 2026
Email Encoder – Protect Email Addresses and Phone Numbers (CVE-2026-2840) , Apr 17, 2026
WP Allowed Hosts (CVE-2026-0734) , Apr 17, 2026
Real Post Slider Lite (CVE-2026-0680) , Apr 17, 2026
WP Docs (CVE-2026-3878) , Apr 17, 2026