WordPress Affiliate For WooCommerce premium plugin <= 4.7.0 - Multiple Improper Access Control vulnerabilities
CVE-2022-25649

5MEDIUM

Key Information:

Vendor
Wordpress
Status
Affiliate For WooCommerce (WordPress Plugin)
Vendor
CVE Published:
5 August 2022

Summary

Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress.

Affected Version(s)

Affiliate For WooCommerce (WordPress plugin) <= 4.7.0 <= 4.7.0

References

https://patchstack.com/database/vulnerability/affiliate-f...
x_refsource_CONFIRM
https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate...
x_refsource_CONFIRM

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Vulnerability discovered by Gennady Kovshenin (Patchstack Alliance)
.