CVE-2022-0775

Published: Jan 16, 2024Modified: Jun 11, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment

Affected (1)

Products: Woocommerce: Woocommerce

Woocommerce

1 product

Woocommerce

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Woocommerce Woocommerce	Before 6.2.1

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (6)

https://developer.woocommerce.com/2022/02/22/woocommerce-6-2-1-security-fix/

Source: contact@wpscan.com

Release Notes

https://plugins.trac.wordpress.org/changeset/2683324

Source: contact@wpscan.com

Patch

https://wpscan.com/vulnerability/b76dbf37-a0a2-48cf-bd85-3ebbc2f394dd/

Source: contact@wpscan.com

ExploitThird Party Advisory

https://developer.woocommerce.com/2022/02/22/woocommerce-6-2-1-security-fix/

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://plugins.trac.wordpress.org/changeset/2683324

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://wpscan.com/vulnerability/b76dbf37-a0a2-48cf-bd85-3ebbc2f394dd/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.