Vulnerabilities > CVE-2022-2555 - Unspecified vulnerability in Yotpo Reviews for Woocommerce Project Yotpo Reviews for Woocommerce 2.0.4

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE

Summary

The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack.