CVE-2022-36284

Опубликовано: 05 авг. 2022

Источник: nvd

CVSS3: 6.4

CVSS3: 6.5

EPSS Низкий

Описание

Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page.

Ссылки

https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt
Release Notes
Third Party Advisory
https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change
Third Party Advisory
https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt
Release Notes
Third Party Advisory
https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:storeapps:affiliate_for_woocommerce:*:*:*:*:*:wordpress:*:*

Версия до 4.7.0 (включая)

EPSS

Процентиль: 41%

0.0019

Низкий

6.4 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-639

Связанные уязвимости

GHSA-f8cv-rhqg-3x6w

CVSS3: 6.5

github

больше 3 лет назад

EPSS

Процентиль: 41%

0.0019

Низкий

6.4 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-639