CVE-2022-36284 Vulnerability Details

  /     /     /  

CVE-2022-36284 Metadata Quick Info

CVE Published: 05/08/2022 | CVE Updated: 16/09/2024 | CVE Year: 2022
Source: Patchstack | Vendor: StoreApps | Product: Affiliate For WooCommerce (WordPress plugin)
Status : PUBLISHED

---

CVE-2022-36284 Description

Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page.

Metrics

CVSS Version: 3.1 | Base Score: 6.4 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* HIGH
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Insecure Direct Object References (IDOR)
Source: StoreApps

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).