cleantalk
Vulnerabilities and Security Researches

EU/UK VAT Manager for WooCommerce, CVE-2024-9189

CVE, Research URL

CVE-2024-9189

Home page URL

Security reports for EU/UK VAT Manager for WooCommerce

Application

EU/UK VAT Manager for WooCommerce

Published on
Sep 28, 2024
Research Description
The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the alg_wc_eu_vat_exempt_vat_from_admin() function in all versions up to, and including, 2.12.12. This makes it possible for unauthenticated attackers to update the VAT status for any order.
Affected versions
max 2.12.14.
Status
vulnerable
Previous vulnerability researches
EU/UK VAT Manager for WooCommerce (CVE-2024-44061) , Sep 01, 2024
EU/UK VAT Manager for WooCommerce (CVE-2025-47504) , Jun 02, 2025
EU/UK VAT Manager for WooCommerce (CVE-2024-8788) , Sep 29, 2024
EU/UK VAT Manager for WooCommerce (CVE-2024-9189) , Sep 29, 2024
New vulnerability
Security & Malware scan by CleanTalk , Apr 03, 2026
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026