3 matches found
CVE-2022-4872 WooCommerce Chained Products < 2.12.0 - Unauthenticated Arbitrary Options Update to 'no'
The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'...
CVE-2022-4872
CVE-2022-4872 affects the WooCommerce Chained Products plugin for WordPress, specifically versions before 2.12.0. The root cause is missing authorization and CSRF checks, plus failure to ensure the updated option belongs to the plugin, enabling an unauthenticated attacker to update arbitrary opti...
WordPress WooCommerce Chained Products Plugin < 2.12.0 is vulnerable to Broken Access Control
Software WooCommerce Chained Products Type Plugin Vulnerable versions 2.12.0 Fixed in 2.12.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4872 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID b129a8471653 Credits WPScan...