Description

WordPress Plugin WooCommerce is prone to multiple vulnerabilities, including directory traversal and security bypass vulnerabilities. Exploiting these issues could allow an attacker to obtain sensitive information that could aid in further attacks, or to perform otherwise restricted actions and subsequently delete arbitrary comment. WordPress Plugin WooCommerce version 6.2.0 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 6.2.1 or latest

References

https://sploitus.com/exploit?id=WPEX-ID:B76DBF37-A0A2-48CF-BD85-3EBBC2F394DD

https://developer.woocommerce.com/2022/02/22/woocommerce-6-2-1-security-fix/

Related Vulnerabilities

WordPress Plugin Contact Form Check Tester Cross-Site Scripting (1.0.2)

Apache Tomcat Improper Encoding or Escaping of Output Vulnerability (CVE-2022-45143)

MySQL Use of Externally-Controlled Format String Vulnerability (CVE-2009-2446)

MediaWiki CVE-2019-12474 Vulnerability (CVE-2019-12474)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29046)

Severity

High

Classification

CVE-2022-0775 CWE-22 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update