exploitDog

CVE-2022-1563

Опубликовано: 16 янв. 2024

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL.

Ссылки

https://github.com/wp-graphql/wp-graphql-woocommerce/
Product
https://wpscan.com/vulnerability/19138092-50d3-4d63-97c5-aa8e1ce39456/
Exploit
Third Party Advisory
https://github.com/wp-graphql/wp-graphql-woocommerce/
Product
https://wpscan.com/vulnerability/19138092-50d3-4d63-97c5-aa8e1ce39456/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpengine:wpgraphql:*:*:*:*:*:wordpress:*:*

Версия до 0.12.3 (включая)

EPSS

Процентиль: 68%

0.00568

Низкий

5.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-c5j7-mp6j-v4wc

CVSS3: 5.3

github

около 2 лет назад

The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL.

EPSS

Процентиль: 68%

0.00568

Низкий

5.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo