CVE-2022-0775

Sažetak

The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment

Reference

https://developer.woocommerce.com/2022/02/22/woocommerce-6-2-1-security-fix/
https://plugins.trac.wordpress.org/changeset/2683324
https://wpscan.com/vulnerability/b76dbf37-a0a2-48cf-bd85-3ebbc2f394dd/
https://developer.woocommerce.com/2022/02/22/woocommerce-6-2-1-security-fix/
https://plugins.trac.wordpress.org/changeset/2683324
https://wpscan.com/vulnerability/b76dbf37-a0a2-48cf-bd85-3ebbc2f394dd/

CVSS

Base:	4.3
Impact:	1.4
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Zadnje važnije ažuriranje

11-06-2025 - 17:15

Objavljeno

16-01-2024 - 16:15