Lucene search

PatchstackCVELIST:CVE-2022-40194

HistorySep 23, 2022 - 3:05 p.m.

CVE-2022-40194 WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Sensitive Information Disclosure vulnerability

2022-09-2315:05:35

CWE-200

Patchstack

www.cve.org

wordpress

customer reviews

woocommerce

information disclosure

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

57.6%

JSON

Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress

CNA Affected

[
  {
    "product": "Customer Reviews for WooCommerce (WordPress plugin)",
    "vendor": "CusRev",
    "versions": [
      {
        "lessThanOrEqual": "5.3.5",
        "status": "affected",
        "version": "<= 5.3.5",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-sensitive-information-disclosure-vulnerability/_s_id=cve

wordpress.org/plugins/customer-reviews-woocommerce/#developers

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

57.6%

JSON

Related for CVELIST:CVE-2022-40194