Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.
CWE-264
CVE-2022-38135
Broken Access Control vulnerability in Dean Oakley’s Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings.
CVE-2022-36375
Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari’s Tabs plugin <= 3.6.0 at WordPress.
CVE-2022-35238
Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress.
CVE-2022-35242
Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress.
CVE-2022-34868
Authenticated Arbitrary Settings Update vulnerability in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress.