The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lack authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them. One in particular could allow them to delete arbitrary blog options.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/777d4637-444b-4eda-bc21-95d3a3bf6cd3 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
25 Aug 2022, 02:48
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:shapedplugin:product_slider_for_woocommerce:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
References | (MISC) https://wpscan.com/vulnerability/777d4637-444b-4eda-bc21-95d3a3bf6cd3 - Exploit, Third Party Advisory | |
First Time |
Shapedplugin
Shapedplugin product Slider For Woocommerce |
22 Aug 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-22 15:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-2382
Mitre link : CVE-2022-2382
CVE.ORG link : CVE-2022-2382
JSON object : View
Products Affected
shapedplugin
- product_slider_for_woocommerce