Vulnerabilities > CVE-2021-42367 - Missing Authorization vulnerability in Variation Swatches for Woocommerce Project Variation Swatches for Woocommerce

CVSS 3.5 - LOW

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

variation-swatches-for-woocommerce-project

CWE-862

NVD

Published: 2021-12-14

Updated: 2022-08-09

Summary

The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to missing authorization checks on the tawcvs_save_settings function, low-level authenticated users such as subscribers can exploit this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Variation_Swatches_For_Woocommerce_Project Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce - Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.3 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.4 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.9 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.11 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.12 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.15 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.16 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.21 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.25 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.26 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.27 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.29 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.30 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.32 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.33 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.35 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.36 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.38 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.40 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.42 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.44 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.47 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.50 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.52 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.54 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.56 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.59 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.60 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.62 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.63 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.65 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.66 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.67 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.69 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.71 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.72 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.73 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.74 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.76 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.77 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.78 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.84 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.0.85 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.1.0 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.1.1 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.1.2 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.1.3 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.1.8 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.1.13 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.1.15 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.1.17 Variation Swatches FOR Woocommerce Project Variation Swatches FOR Woocommerce 1.1.19	53

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References