4.3
CVE-2022-4872
- EPSS 0.28%
- Veröffentlicht 30.01.2023 21:15:12
- Zuletzt bearbeitet 27.03.2025 20:15:19
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginWooCommerce Chained Products < 2.12.0 - Unauthenticated Arbitrary Options Update to 'no'
WooCommerce Chained Products < 2.12.0 - Missing Authorization to Arbitrary Options Update
The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'
Mögliche Gegenmaßnahme
WooCommerce Chained Products: Update to version 2.12.0, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Chained Products Project ≫ Chained Products SwPlatformwordpress Version < 2.12.0
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WooCommerce Chained Products
Version
[*, 2.12.0)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.196 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://wpscan.com/vulnerability/c76a1c0b-8a5b-4639-85b6-9eebc63c3aa6
https://www.wordfence.com/threat-intel/vulnerabilities/id/6b839c7d-76fb-465e-9f27-1882cf0099fa