Lucene search

PatchstackCVELIST:CVE-2022-38141

HistoryJan 17, 2024 - 4:04 p.m.

CVE-2022-38141 WordPress Sales Report Email for WooCommerce Plugin <= 2.8 is vulnerable to Broken Access Control

2024-01-1716:04:01

CWE-862

Patchstack

www.cve.org

wordpress

sales report

woocommerce

broken access control

missing authorization

vulnerability

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.0005 Low

EPSS

Percentile

16.2%

JSON

Missing Authorization vulnerability in Zorem Sales Report Email for WooCommerce.This issue affects Sales Report Email for WooCommerce: from n/a through 2.8.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "woo-advanced-sales-report-email",
    "product": "Sales Report Email for WooCommerce",
    "vendor": "Zorem",
    "versions": [
      {
        "changes": [
          {
            "at": "2.9",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.8",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/woo-advanced-sales-report-email/wordpress-sales-report-email-for-woocommerce-plugin-2-8-auth-test-email-submission-vulnerability?_s_id=cve

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.0005 Low

EPSS

Percentile

16.2%

JSON

Related for CVELIST:CVE-2022-38141