Vulnerabilities > CVE-2022-2382 - Missing Authorization vulnerability in Shapedplugin Product Slider for Woocommerce

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

shapedplugin

CWE-862

NVD

Published: 2022-08-22

Updated: 2023-06-30

Summary

The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lack authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them. One in particular could allow them to delete arbitrary blog options.

Vulnerable Configurations

Part	Description	Count
Application	Shapedplugin Shapedplugin Product Slider FOR Woocommerce - Shapedplugin Product Slider FOR Woocommerce 1.0 Shapedplugin Product Slider FOR Woocommerce 1.1 Shapedplugin Product Slider FOR Woocommerce 1.2 Shapedplugin Product Slider FOR Woocommerce 1.3 Shapedplugin Product Slider FOR Woocommerce 1.3.1 Shapedplugin Product Slider FOR Woocommerce 1.4 Shapedplugin Product Slider FOR Woocommerce 1.13.22 Shapedplugin Product Slider FOR Woocommerce 2.0 Shapedplugin Product Slider FOR Woocommerce 2.1 Shapedplugin Product Slider FOR Woocommerce 2.1.1 Shapedplugin Product Slider FOR Woocommerce 2.1.2 Shapedplugin Product Slider FOR Woocommerce 2.1.3 Shapedplugin Product Slider FOR Woocommerce 2.1.4 Shapedplugin Product Slider FOR Woocommerce 2.1.5 Shapedplugin Product Slider FOR Woocommerce 2.1.6 Shapedplugin Product Slider FOR Woocommerce 2.1.7 Shapedplugin Product Slider FOR Woocommerce 2.1.8 Shapedplugin Product Slider FOR Woocommerce 2.1.9 Shapedplugin Product Slider FOR Woocommerce 2.1.10 Shapedplugin Product Slider FOR Woocommerce 2.1.11 Shapedplugin Product Slider FOR Woocommerce 2.1.12 Shapedplugin Product Slider FOR Woocommerce 2.1.13 Shapedplugin Product Slider FOR Woocommerce 2.1.14 Shapedplugin Product Slider FOR Woocommerce 2.1.15 Shapedplugin Product Slider FOR Woocommerce 2.1.16 Shapedplugin Product Slider FOR Woocommerce 2.2.0 Shapedplugin Product Slider FOR Woocommerce 2.2.1 Shapedplugin Product Slider FOR Woocommerce 2.2.2 Shapedplugin Product Slider FOR Woocommerce 2.2.3 Shapedplugin Product Slider FOR Woocommerce 2.2.4 Shapedplugin Product Slider FOR Woocommerce 2.2.5 Shapedplugin Product Slider FOR Woocommerce 2.2.6 Shapedplugin Product Slider FOR Woocommerce 2.2.7 Shapedplugin Product Slider FOR Woocommerce 2.2.8 Shapedplugin Product Slider FOR Woocommerce 2.2.9 Shapedplugin Product Slider FOR Woocommerce 2.2.10 Shapedplugin Product Slider FOR Woocommerce 2.2.11 Shapedplugin Product Slider FOR Woocommerce 2.2.12 Shapedplugin Product Slider FOR Woocommerce 2.2.13 Shapedplugin Product Slider FOR Woocommerce 2.3.0 Shapedplugin Product Slider FOR Woocommerce 2.3.1 Shapedplugin Product Slider FOR Woocommerce 2.3.2 Shapedplugin Product Slider FOR Woocommerce 2.3.3 Shapedplugin Product Slider FOR Woocommerce 2.3.4 Shapedplugin Product Slider FOR Woocommerce 2.4.0 Shapedplugin Product Slider FOR Woocommerce 2.4.1 Shapedplugin Product Slider FOR Woocommerce 2.4.2 Shapedplugin Product Slider FOR Woocommerce 2.4.3 Shapedplugin Product Slider FOR Woocommerce 2.5.0 Shapedplugin Product Slider FOR Woocommerce 2.5.1 Shapedplugin Product Slider FOR Woocommerce 2.5.2 Shapedplugin Product Slider FOR Woocommerce 2.5.3 Shapedplugin Product Slider FOR Woocommerce 2.5.4 Shapedplugin Product Slider FOR Woocommerce 2.5.5 Shapedplugin Product Slider FOR Woocommerce 2.5.6	56

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://wpscan.com/vulnerability/777d4637-444b-4eda-bc21-95d3a3bf6cd3