Vulnerability Description
The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment
CVSS Score
4.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Woocommerce | Woocommerce | < 6.2.1 |
Related Weaknesses (CWE)
References
- https://developer.woocommerce.com/2022/02/22/woocommerce-6-2-1-security-fix/Release Notes
- https://plugins.trac.wordpress.org/changeset/2683324Patch
- https://wpscan.com/vulnerability/b76dbf37-a0a2-48cf-bd85-3ebbc2f394dd/ExploitThird Party Advisory
- https://developer.woocommerce.com/2022/02/22/woocommerce-6-2-1-security-fix/Release Notes
- https://plugins.trac.wordpress.org/changeset/2683324Patch
- https://wpscan.com/vulnerability/b76dbf37-a0a2-48cf-bd85-3ebbc2f394dd/ExploitThird Party Advisory
FAQ
What is CVE-2022-0775?
CVE-2022-0775 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment
How severe is CVE-2022-0775?
CVE-2022-0775 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-0775?
Check the references section above for vendor advisories and patch information. Affected products include: Woocommerce Woocommerce.