Vulnerability Description
Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Storeapps | Affiliate For Woocommerce | <= 4.7.0 |
Related Weaknesses (CWE)
References
- https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changeRelease NotesThird Party Advisory
- https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpresThird Party Advisory
- https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changeRelease NotesThird Party Advisory
- https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpresThird Party Advisory
FAQ
What is CVE-2022-36284?
CVE-2022-36284 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) sh...
How severe is CVE-2022-36284?
CVE-2022-36284 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-36284?
Check the references section above for vendor advisories and patch information. Affected products include: Storeapps Affiliate For Woocommerce.