WordPress Sales Report Email for WooCommerce Plugin <= 2.8 is vulnerable to Broken Access Control
CVE-2022-38141

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Sales Report Email For WooCommerce
Vendor: CVE Published:; 17 January 2024

Summary

A missing authorization vulnerability exists in the Zorem Sales Report Email for WooCommerce plugin, which allows unauthorized users to access sensitive functionalities. This vulnerability affects various versions of the plugin up to version 2.8. As a result, attackers may exploit this weakness to manipulate email reports or access confidential sales data without proper permissions, posing a significant risk to online store operators and their customers.

Affected Version(s)

Sales Report Email for WooCommerce <= 2.8

References

https://patchstack.com/database/vulnerability/woo-advance...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 17, 2024
Vulnerability Reserved
Sep 27, 2022

Credit

István Márton (Patchstack Alliance)