CVE Vulnerability

CVE-2022-36284

Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page.

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt Release Notes Third Party Advisory
https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:storeapps:affiliate_for_woocommerce:*:*:*:*:*:wordpress:*:*
Information

Published : 2022-08-05 04:15

Updated : 2022-08-10 04:59

NVD link : CVE-2022-36284

Mitre link : CVE-2022-36284

Products Affected
No products.
CWE
CWE-639