Search criteria
6 vulnerabilities found for affiliate_for_woocommerce by storeapps
FKIE_CVE-2022-36284
Vulnerability from fkie_nvd - Published: 2022-08-05 16:15 - Updated: 2025-02-20 21:15
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Authenticated IDOR vulnerability in the StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 for WordPress allows an attacker to change the PayPal email. The WooCommerce PayPal Payments plugin (free) must at least be installed for the extra input field to appear on the user profile page.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| storeapps | affiliate_for_woocommerce | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:storeapps:affiliate_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "86D1452C-085A-4DEB-8897-48D6F98DFF8D",
"versionEndIncluding": "4.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin \u003c= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page."
},
{
"lang": "es",
"value": "Una vulnerabilidad de IDOR autenticado en el plugin StoreApps Affiliate For WooCommerce premium versiones anteriores a 4.7.0 incluy\u00e9ndola, en WordPress permite a un atacante cambiar el correo electr\u00f3nico de PayPal. El plugin WooCommerce PayPal Payments (gratuito) debe ser instalado al menos para obtener el campo de entrada extra en la p\u00e1gina de perfil del usuario"
}
],
"id": "CVE-2022-36284",
"lastModified": "2025-02-20T21:15:23.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 4.7,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-05T16:15:14.557",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt"
},
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-25649
Vulnerability from fkie_nvd - Published: 2022-08-05 16:15 - Updated: 2024-11-21 06:52
Severity ?
5.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple Improper Access Control vulnerabilities in the StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 for WordPress.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| storeapps | affiliate_for_woocommerce | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:storeapps:affiliate_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "90B942FE-ED57-4F0D-8516-CF1C8CD21F73",
"versionEndExcluding": "4.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin \u003c= 4.7.0 at WordPress."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de Control de Acceso Inapropiado en el plugin premium StoreApps Affiliate For WooCommerce versiones anteriores a 4.7.0 incluy\u00e9ndola, en WordPress"
}
],
"id": "CVE-2022-25649",
"lastModified": "2024-11-21T06:52:30.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-05T16:15:11.493",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt"
},
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-multiple-improper-access-control-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-multiple-improper-access-control-vulnerabilities"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-36284 (GCVE-0-2022-36284)
Vulnerability from cvelistv5 – Published: 2022-08-05 15:08 – Updated: 2025-02-20 20:13
Title
WordPress Affiliate For WooCommerce premium plugin <= 4.7.0 - Authenticated IDOR vulnerability leading to PayPal email change
Summary
Authenticated IDOR vulnerability in the StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 for WordPress allows an attacker to change the PayPal email. The WooCommerce PayPal Payments plugin (free) must at least be installed for the extra input field to appear on the user profile page.
Severity ?
6.4 (Medium)
CWE
- Insecure Direct Object References (IDOR)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| StoreApps | Affiliate For WooCommerce (WordPress plugin) | Affected: <= 4.7.0 , ≤ 4.7.0 (custom) |
Credits
Vulnerability discovered by Vlad Vector (Patchstack)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:27:30.616774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T20:13:40.949Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Affiliate For WooCommerce (WordPress plugin)",
"vendor": "StoreApps",
"versions": [
{
"lessThanOrEqual": "4.7.0",
"status": "affected",
"version": "\u003c= 4.7.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Vlad Vector (Patchstack)"
}
],
"datePublic": "2022-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin \u003c= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure Direct Object References (IDOR)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:08:51.000Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 4.8.0 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Affiliate For WooCommerce premium plugin \u003c= 4.7.0 - Authenticated IDOR vulnerability leading to PayPal email change",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-01T23:04:00.000Z",
"ID": "CVE-2022-36284",
"STATE": "PUBLIC",
"TITLE": "WordPress Affiliate For WooCommerce premium plugin \u003c= 4.7.0 - Authenticated IDOR vulnerability leading to PayPal email change"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Affiliate For WooCommerce (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "\u003c= 4.7.0",
"version_value": "4.7.0"
}
]
}
}
]
},
"vendor_name": "StoreApps"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Vlad Vector (Patchstack)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin \u003c= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Direct Object References (IDOR)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt",
"refsource": "CONFIRM",
"url": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt"
},
{
"name": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to 4.8.0 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-36284",
"datePublished": "2022-08-05T15:08:51.582Z",
"dateReserved": "2022-07-22T00:00:00.000Z",
"dateUpdated": "2025-02-20T20:13:40.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25649 (GCVE-0-2022-25649)
Vulnerability from cvelistv5 – Published: 2022-08-05 15:07 – Updated: 2025-02-20 20:14
Title
WordPress Affiliate For WooCommerce premium plugin <= 4.7.0 - Multiple Improper Access Control vulnerabilities
Summary
Multiple Improper Access Control vulnerabilities in the StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 for WordPress.
Severity ?
5 (Medium)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| StoreApps | Affiliate For WooCommerce (WordPress plugin) | Affected: <= 4.7.0 , ≤ 4.7.0 (custom) |
Credits
Vulnerability discovered by Gennady Kovshenin (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:42:50.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-multiple-improper-access-control-vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25649",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:27:40.138650Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T20:14:11.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Affiliate For WooCommerce (WordPress plugin)",
"vendor": "StoreApps",
"versions": [
{
"lessThanOrEqual": "4.7.0",
"status": "affected",
"version": "\u003c= 4.7.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Gennady Kovshenin (Patchstack Alliance)"
}
],
"datePublic": "2022-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin \u003c= 4.7.0 at WordPress."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:07:52.000Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-multiple-improper-access-control-vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 4.8.0 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Affiliate For WooCommerce premium plugin \u003c= 4.7.0 - Multiple Improper Access Control vulnerabilities",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-01T21:57:00.000Z",
"ID": "CVE-2022-25649",
"STATE": "PUBLIC",
"TITLE": "WordPress Affiliate For WooCommerce premium plugin \u003c= 4.7.0 - Multiple Improper Access Control vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Affiliate For WooCommerce (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "\u003c= 4.7.0",
"version_value": "4.7.0"
}
]
}
}
]
},
"vendor_name": "StoreApps"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Gennady Kovshenin (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin \u003c= 4.7.0 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-multiple-improper-access-control-vulnerabilities",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-multiple-improper-access-control-vulnerabilities"
},
{
"name": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt",
"refsource": "CONFIRM",
"url": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to 4.8.0 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-25649",
"datePublished": "2022-08-05T15:07:52.745Z",
"dateReserved": "2022-06-08T00:00:00.000Z",
"dateUpdated": "2025-02-20T20:14:11.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36284 (GCVE-0-2022-36284)
Vulnerability from nvd – Published: 2022-08-05 15:08 – Updated: 2025-02-20 20:13
Title
WordPress Affiliate For WooCommerce premium plugin <= 4.7.0 - Authenticated IDOR vulnerability leading to PayPal email change
Summary
Authenticated IDOR vulnerability in the StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 for WordPress allows an attacker to change the PayPal email. The WooCommerce PayPal Payments plugin (free) must at least be installed for the extra input field to appear on the user profile page.
Severity ?
6.4 (Medium)
CWE
- Insecure Direct Object References (IDOR)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| StoreApps | Affiliate For WooCommerce (WordPress plugin) | Affected: <= 4.7.0 , ≤ 4.7.0 (custom) |
Credits
Vulnerability discovered by Vlad Vector (Patchstack)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:27:30.616774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T20:13:40.949Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Affiliate For WooCommerce (WordPress plugin)",
"vendor": "StoreApps",
"versions": [
{
"lessThanOrEqual": "4.7.0",
"status": "affected",
"version": "\u003c= 4.7.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Vlad Vector (Patchstack)"
}
],
"datePublic": "2022-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin \u003c= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure Direct Object References (IDOR)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:08:51.000Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 4.8.0 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Affiliate For WooCommerce premium plugin \u003c= 4.7.0 - Authenticated IDOR vulnerability leading to PayPal email change",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-01T23:04:00.000Z",
"ID": "CVE-2022-36284",
"STATE": "PUBLIC",
"TITLE": "WordPress Affiliate For WooCommerce premium plugin \u003c= 4.7.0 - Authenticated IDOR vulnerability leading to PayPal email change"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Affiliate For WooCommerce (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "\u003c= 4.7.0",
"version_value": "4.7.0"
}
]
}
}
]
},
"vendor_name": "StoreApps"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Vlad Vector (Patchstack)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin \u003c= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Direct Object References (IDOR)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt",
"refsource": "CONFIRM",
"url": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt"
},
{
"name": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to 4.8.0 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-36284",
"datePublished": "2022-08-05T15:08:51.582Z",
"dateReserved": "2022-07-22T00:00:00.000Z",
"dateUpdated": "2025-02-20T20:13:40.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25649 (GCVE-0-2022-25649)
Vulnerability from nvd – Published: 2022-08-05 15:07 – Updated: 2025-02-20 20:14
Title
WordPress Affiliate For WooCommerce premium plugin <= 4.7.0 - Multiple Improper Access Control vulnerabilities
Summary
Multiple Improper Access Control vulnerabilities in the StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 for WordPress.
Severity ?
5 (Medium)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| StoreApps | Affiliate For WooCommerce (WordPress plugin) | Affected: <= 4.7.0 , ≤ 4.7.0 (custom) |
Credits
Vulnerability discovered by Gennady Kovshenin (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:42:50.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-multiple-improper-access-control-vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25649",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:27:40.138650Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T20:14:11.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Affiliate For WooCommerce (WordPress plugin)",
"vendor": "StoreApps",
"versions": [
{
"lessThanOrEqual": "4.7.0",
"status": "affected",
"version": "\u003c= 4.7.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Gennady Kovshenin (Patchstack Alliance)"
}
],
"datePublic": "2022-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin \u003c= 4.7.0 at WordPress."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:07:52.000Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-multiple-improper-access-control-vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 4.8.0 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Affiliate For WooCommerce premium plugin \u003c= 4.7.0 - Multiple Improper Access Control vulnerabilities",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-01T21:57:00.000Z",
"ID": "CVE-2022-25649",
"STATE": "PUBLIC",
"TITLE": "WordPress Affiliate For WooCommerce premium plugin \u003c= 4.7.0 - Multiple Improper Access Control vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Affiliate For WooCommerce (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "\u003c= 4.7.0",
"version_value": "4.7.0"
}
]
}
}
]
},
"vendor_name": "StoreApps"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Gennady Kovshenin (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin \u003c= 4.7.0 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-multiple-improper-access-control-vulnerabilities",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-multiple-improper-access-control-vulnerabilities"
},
{
"name": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt",
"refsource": "CONFIRM",
"url": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to 4.8.0 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-25649",
"datePublished": "2022-08-05T15:07:52.745Z",
"dateReserved": "2022-06-08T00:00:00.000Z",
"dateUpdated": "2025-02-20T20:14:11.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}