WordPress Plugin Vulnerabilities

Customer Reviews for WooCommerce < 5.3.6 - Broken Access Control

Description

The plugin does not have proper authorisation in some actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions

Affects Plugins

Plugin icon
customer-reviews-woocommerce
Fixed in 5.3.6

References

CVE
CVE-2022-38134

Classification

Type
INCORRECT AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-863
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
2fa2c1fe-0a92-48a5-b79f-2460526471a4

Timeline

Publicly Published
2022-09-22 (about 3 years ago)
Added
2022-09-25 (about 3 years ago)
Last Updated
2022-09-25 (about 3 years ago)

Other

Published
Title
Published
2023-08-14
Title
Media from FTP < 11.17 - Author+ Arbitrary File Access
Published
2022-11-21
Title
StopBadBots < 7.24 - Subscriber+ Arbitrary Plugin Installation
Published
2024-04-25
Title
WP Time Slots Booking Form < 1.2.07 - Unauthenticated Price Manipulation
Published
2023-02-09
Title
WPCode < 2.0.7 - Contributor+ WPCode Library Auth Key Update/Deletion
Published
2021-11-09
Title
Get Custom Field Values < 4.0 - Contributors+ Arbitrary Post Metadata Access