Lucene search

PatchstackCVELIST:CVE-2022-38134

HistorySep 23, 2022 - 3:14 p.m.

CVE-2022-38134 WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Authenticated Broken Access Control vulnerability

2022-09-2315:14:40

CWE-264

Patchstack

www.cve.org

wordpress

customer reviews

woocommerce

plugin

authenticated

broken access control

vulnerability

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

41.8%

JSON

Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.

CNA Affected

[
  {
    "product": "Customer Reviews for WooCommerce (WordPress plugin)",
    "vendor": "CusRev",
    "versions": [
      {
        "lessThanOrEqual": "5.3.5",
        "status": "affected",
        "version": "<= 5.3.5",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-authenticated-broken-access-control-vulnerability/_s_id=cve

wordpress.org/plugins/customer-reviews-woocommerce/#developers

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

41.8%

JSON

Related for CVELIST:CVE-2022-38134