2 matches found
CVE-2022-23982
CVE-2022-23982 concerns the WordPress plugin Perfect Brands for WooCommerce (versions ≤ 2.0.4). The available sources indicate an information disclosure vulnerability that allows exposure of server information. Patch guidance from Patchstack recommends updating to at least version 2.0.5. Other en...
CVE-2022-23981
CVE-2022-23981 affects WordPress Perfect Brands for WooCommerce plugin. Versions up to and including 2.0.4 expose an access control flaw where Subscriber+ level users can create brands due to missing authorization/CSRF checks in AJAX actions. The issue enables arbitrary brand creation by low-priv...