China National Vulnerability DatabaseCNVD-2022-88219WordPress Customer Reviews for WooCommerce permission permission and access control issues vulnerability
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Customer Reviews for WooCommerce 5.3.5 and earlier versions are vulnerable to a permission and access control issue, which stems from improper access control of the plugin and can be exploited by an authenticated (subscriber) attacker to perform unauthorized actions. An authenticated (subscriber) attacker could perform unauthorized actions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress customer reviews for woocommerce | le | 5.3.5 |
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H