WordPress Sales Report Email for WooCommerce Plugin <= 2.8 is vulnerable to Broken Access Control
CVE-2022-38141
4.3MEDIUM
Key Information:
- Vendor
- WordPress
- Vendor
- CVE Published:
- 17 January 2024
Summary
A missing authorization vulnerability exists in the Zorem Sales Report Email for WooCommerce plugin, which allows unauthorized users to access sensitive functionalities. This vulnerability affects various versions of the plugin up to version 2.8. As a result, attackers may exploit this weakness to manipulate email reports or access confidential sales data without proper permissions, posing a significant risk to online store operators and their customers.
Affected Version(s)
Sales Report Email for WooCommerce <= 2.8
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
István Márton (Patchstack Alliance)