WordPress Plugin Vulnerabilities

Perfect Brands for WooCommerce < 2.0.5 - Subscriber+ Arbitrary Brand Creation

Description

The plugin does not have authorisation and CSRF checks in some of its AJAX actions, which could allow any authenticated users, such as subscriber to create arbitrary brands

Affects Plugins

Plugin icon
perfect-woocommerce-brands
Fixed in 2.0.5

References

CVE
CVE-2022-23981

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Dave Jong
Verified
Yes
WPVDB ID
8f7d97ff-a5bb-40cc-861b-5a868dd5c57a

Timeline

Publicly Published
2022-01-28 (about 4 years ago)
Added
2022-02-19 (about 4 years ago)
Last Updated
2022-04-09 (about 3 years ago)

Other

Published
Title
Published
2024-04-05
Title
AWP Classifieds < 4.3.2 - Missing Authorization
Published
2024-09-24
Title
myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification < 2.7.4 - Missing Authorization to Unauthenticated Database Upgrade
Published
2023-12-07
Title
Awesome Support < 6.1.8 - Missing Authorization
Published
2023-11-22
Title
Super Progressive Web Apps < 2.2.22 - Missing Authorization
Published
2023-05-04
Title
Multi Rating <= 5.0.6 - Unauthenticated Ratings Update