Vulnerabilities > CVE-2022-36284 - Authorization Bypass Through User-Controlled Key vulnerability in Storeapps Affiliate for Woocommerce

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
storeapps
CWE-639
NVD
Published: 2022-08-05
Updated: 2022-08-10

Summary

Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page.

Vulnerable Configurations

Part Description Count
Application
Storeapps
86

Common Weakness Enumeration (CWE)

References