CVE-2022-0775

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-0775
The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://developer.woocommerce.com/2022/02/22/woocommerce-6-2-1-security-fix/ Release Notes
https://plugins.trac.wordpress.org/changeset/2683324 Patch
https://wpscan.com/vulnerability/b76dbf37-a0a2-48cf-bd85-3ebbc2f394dd/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:woocommerce:woocommerce:*:*:*:*:*:wordpress:*:*
History

19 Jan 2024, 18:54

Type Values Removed Values Added
References () https://developer.woocommerce.com/2022/02/22/woocommerce-6-2-1-security-fix/ - () https://developer.woocommerce.com/2022/02/22/woocommerce-6-2-1-security-fix/ - Release Notes
References () https://plugins.trac.wordpress.org/changeset/2683324 - () https://plugins.trac.wordpress.org/changeset/2683324 - Patch
References () https://wpscan.com/vulnerability/b76dbf37-a0a2-48cf-bd85-3ebbc2f394dd/ - () https://wpscan.com/vulnerability/b76dbf37-a0a2-48cf-bd85-3ebbc2f394dd/ - Exploit, Third Party Advisory
CWE CWE-863
CPE cpe:2.3:a:woocommerce:woocommerce:*:*:*:*:*:wordpress:*:*
Summary
  • (es) El complemento WooCommerce WordPress anterior a 6.2.1 no tiene una verificación de autorización adecuada al eliminar reseñas, lo que podría permitir a cualquier usuario autenticado, como un suscriptor, eliminar comentarios arbitrarios.
First Time Woocommerce woocommerce
Woocommerce
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.3

16 Jan 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-16 16:15

Updated : 2024-01-19 18:54

NVD link : CVE-2022-0775

Mitre link : CVE-2022-0775

CVE.ORG link : CVE-2022-0775

JSON object : View

Products Affected

woocommerce

  • woocommerce
CWE
CWE-863

Incorrect Authorization