CVE-2022-28666

2022-07-2117:15:08

CWE-287

[email protected]

web.nvd.nist.gov

cve

2022

28666

broken access control

yikes inc.

custom product tabs

woocommerce

plugin

wordpress

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

31.5%

JSON

Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update.

Affected configurations

Vulners

NVD

Node

yikes_inc.custom_product_tabs_for_woocommerce_\(wordpress_plugin\)Range≤1.7.7

CPENameOperatorVersion
yikesinc:custom_product_tabs_for_woocommerceyikesinc custom product tabs for woocommercele1.7.7

CPE	Name	Operator	Version
yikesinc:custom_product_tabs_for_woocommerce	yikesinc custom product tabs for woocommerce	le	1.7.7

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "yikes-inc-easy-custom-woocommerce-product-tabs",
    "product": "Custom Product Tabs for WooCommerce (WordPress plugin)",
    "vendor": "YIKES Inc.",
    "versions": [
      {
        "changes": [
          {
            "at": "1.7.9",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.7.7",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/yikes-inc-easy-custom-woocommerce-product-tabs/wordpress-custom-product-tabs-for-woocommerce-plugin-1-7-7-broken-access-control-vulnerability-leading-to-yikes-the-content-toggle-option-update?_s_id=cve