Syncee – Global Dropshipping < 1.0.10 – Authentication Token Disclosure | CVE 2022-3694

Description

The plugin leaks the administrator token that can be used to take over the administrator's account.

Proof of Concept

The plugin sends a GET request to "/wp-json/syncee/retailer/v1/getDataForFrontend" endpoint to get access token of the administrator. An attacker can use this access token to takeover the administrator's Syncee account via adding new team member.

Affects Plugins

syncee-global-dropshipping

Fixed in 1.0.10

References

CVE

CVE-2022-3694

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CWE-200

CVSS

8.6 (high)

Miscellaneous

Original Researcher

5h4m4n53c

Submitter

5h4m4n53c

Verified

Yes

WPVDB ID

ad12bab7-9baf-4646-a93a-0d3286407c1e

Timeline

Publicly Published

2022-11-28 (about 1 years ago)

Added

2022-11-14 (about 1 years ago)

Last Updated

2022-11-14 (about 1 years ago)

Other

Published

Title

Published

2022-03-22

Title

Ninja Forms < 3.6.8-wp - Unauthenticated Email Address Disclosure

Published

2022-03-09

Title

Booking Package < 1.5.29 - Unauthenticated Sensitive Data Disclosure

Published

2022-02-10

Title

wpDiscuz < 7.3.12 - Sensitive Information Disclosure

Published

2024-04-22

Title

FG Joomla to WordPress < 4.21.0 - Sensitive Information Exposure

Published

2022-08-01

Title

Simple Job Board < 2.10.0 - Resume Disclosure via Directory Listing