WordPress APIExperts Square for WooCommerce plugin <= 4.4.1 - Broken Access Control
CVE-2022-47182

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Apiexperts Square For WooCommerce
Vendor: CVE Published:; 13 December 2024

What is CVE-2022-47182?

A vulnerability exists in the Wpexpertsio APIExperts Square for WooCommerce due to missing authorization, which allows attackers to exploit incorrectly configured access control security levels. This vulnerability could lead to unauthorized access, enabling potential data exposure or manipulation by exploiting the affected product. Versions from n/a to 4.4.1 are at risk.

Affected Version(s)

APIExperts Square for WooCommerce <= 4.4.1

References

https://patchstack.com/database/wordpress/plugin/woosquar...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
Dec 12, 2022

Credit

Cat (Patchstack Alliance)

CVE-2022-47182 Data

JSON