CVE-2024-32589
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-31

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.5.3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-31
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2025-08-31
EPSS Evaluated
2026-06-14
NVD
CVE-2024-32589
EUVD
EUVD-2024-30391
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ukrsolution barcode_scanner_with_inventory_and_order_manager *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Broken Access Control issue in the WordPress Barcode Scanner with Inventory & Order Manager plugin (up to version 1.5.3). It allows unprivileged users, such as subscribers, to perform actions that normally require higher privileges because of missing authorization, authentication, or nonce token checks. This means attackers can bypass security controls to access or manipulate data or functions they shouldn't be able to. [1]

Impact Analysis

The vulnerability can lead to unauthorized actions being performed on your website, potentially allowing attackers to access, modify, or disrupt inventory and order management data. Since it is actively exploited, it poses a moderate risk of data compromise, service disruption, and unauthorized access, which can affect the integrity, confidentiality, and availability of your system. [1]

Detection Guidance

Detection of this vulnerability involves monitoring for unauthorized actions performed by unprivileged users exploiting missing authorization in the UkrSolution Barcode Scanner with Inventory & Order Manager plugin. While specific commands are not provided, it is recommended to use server-side malware scanning and professional incident response to identify compromise. Additionally, monitoring web server logs for suspicious access patterns or privilege escalation attempts related to the plugin may help detect exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include updating the UkrSolution Barcode Scanner with Inventory & Order Manager plugin to version 1.5.4 or later, where the vulnerability is fixed. Until the official update is applied, applying Patchstack's virtual patch (vPatch) can automatically block attacks targeting this vulnerability. It is also advised to perform professional incident response and server-side malware scanning if a compromise is suspected, and avoid relying solely on plugin-based malware scanners. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-32589. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart