CVE-2022-36284 (GCVE-0-2022-36284)
Vulnerability from cvelistv5 – Published: 2022-08-05 15:08 – Updated: 2025-02-20 20:13
VLAI?
Title
WordPress Affiliate For WooCommerce premium plugin <= 4.7.0 - Authenticated IDOR vulnerability leading to PayPal email change
Summary
Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page.
Severity ?
6.4 (Medium)
CWE
- Insecure Direct Object References (IDOR)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| StoreApps | Affiliate For WooCommerce (WordPress plugin) |
Affected:
<= 4.7.0 , ≤ 4.7.0
(custom)
|
Credits
Vulnerability discovered by Vlad Vector (Patchstack)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:27:30.616774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T20:13:40.949Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Affiliate For WooCommerce (WordPress plugin)",
"vendor": "StoreApps",
"versions": [
{
"lessThanOrEqual": "4.7.0",
"status": "affected",
"version": "\u003c= 4.7.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Vlad Vector (Patchstack)"
}
],
"datePublic": "2022-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin \u003c= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure Direct Object References (IDOR)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:08:51.000Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 4.8.0 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Affiliate For WooCommerce premium plugin \u003c= 4.7.0 - Authenticated IDOR vulnerability leading to PayPal email change",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-01T23:04:00.000Z",
"ID": "CVE-2022-36284",
"STATE": "PUBLIC",
"TITLE": "WordPress Affiliate For WooCommerce premium plugin \u003c= 4.7.0 - Authenticated IDOR vulnerability leading to PayPal email change"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Affiliate For WooCommerce (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "\u003c= 4.7.0",
"version_value": "4.7.0"
}
]
}
}
]
},
"vendor_name": "StoreApps"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Vlad Vector (Patchstack)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin \u003c= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Direct Object References (IDOR)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt",
"refsource": "CONFIRM",
"url": "https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt"
},
{
"name": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to 4.8.0 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-36284",
"datePublished": "2022-08-05T15:08:51.582Z",
"dateReserved": "2022-07-22T00:00:00.000Z",
"dateUpdated": "2025-02-20T20:13:40.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:storeapps:affiliate_for_woocommerce:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"4.7.0\", \"matchCriteriaId\": \"86D1452C-085A-4DEB-8897-48D6F98DFF8D\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin \u003c= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de IDOR autenticado en el plugin StoreApps Affiliate For WooCommerce premium versiones anteriores a 4.7.0 incluy\\u00e9ndola, en WordPress permite a un atacante cambiar el correo electr\\u00f3nico de PayPal. El plugin WooCommerce PayPal Payments (gratuito) debe ser instalado al menos para obtener el campo de entrada extra en la p\\u00e1gina de perfil del usuario\"}]",
"id": "CVE-2022-36284",
"lastModified": "2024-11-21T07:12:43.080",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"audit@patchstack.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L\", \"baseScore\": 6.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 4.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
"published": "2022-08-05T16:15:14.557",
"references": "[{\"url\": \"https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt\", \"source\": \"audit@patchstack.com\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change\", \"source\": \"audit@patchstack.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-639\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-36284\",\"sourceIdentifier\":\"audit@patchstack.com\",\"published\":\"2022-08-05T16:15:14.557\",\"lastModified\":\"2025-02-20T21:15:23.537\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin \u003c= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de IDOR autenticado en el plugin StoreApps Affiliate For WooCommerce premium versiones anteriores a 4.7.0 incluy\u00e9ndola, en WordPress permite a un atacante cambiar el correo electr\u00f3nico de PayPal. El plugin WooCommerce PayPal Payments (gratuito) debe ser instalado al menos para obtener el campo de entrada extra en la p\u00e1gina de perfil del usuario\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"audit@patchstack.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.6,\"impactScore\":4.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-639\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-639\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:storeapps:affiliate_for_woocommerce:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"4.7.0\",\"matchCriteriaId\":\"86D1452C-085A-4DEB-8897-48D6F98DFF8D\"}]}]}],\"references\":[{\"url\":\"https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt\",\"source\":\"audit@patchstack.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change\",\"source\":\"audit@patchstack.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"product\": \"Affiliate For WooCommerce (WordPress plugin)\", \"vendor\": \"StoreApps\", \"versions\": [{\"lessThanOrEqual\": \"4.7.0\", \"status\": \"affected\", \"version\": \"\u003c= 4.7.0\", \"versionType\": \"custom\"}]}], \"credits\": [{\"lang\": \"en\", \"value\": \"Vulnerability discovered by Vlad Vector (Patchstack)\"}], \"datePublic\": \"2022-08-01T00:00:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin \u003c= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page.\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"LOW\", \"baseScore\": 6.4, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L\", \"version\": \"3.1\"}}], \"problemTypes\": [{\"descriptions\": [{\"description\": \"Insecure Direct Object References (IDOR)\", \"lang\": \"en\", \"type\": \"text\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2022-08-05T15:08:51.000Z\", \"orgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"shortName\": \"Patchstack\"}, \"references\": [{\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt\"}, {\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update to 4.8.0 or higher version.\"}], \"source\": {\"discovery\": \"EXTERNAL\"}, \"title\": \"WordPress Affiliate For WooCommerce premium plugin \u003c= 4.7.0 - Authenticated IDOR vulnerability leading to PayPal email change\", \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"audit@patchstack.com\", \"DATE_PUBLIC\": \"2022-08-01T23:04:00.000Z\", \"ID\": \"CVE-2022-36284\", \"STATE\": \"PUBLIC\", \"TITLE\": \"WordPress Affiliate For WooCommerce premium plugin \u003c= 4.7.0 - Authenticated IDOR vulnerability leading to PayPal email change\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"Affiliate For WooCommerce (WordPress plugin)\", \"version\": {\"version_data\": [{\"version_affected\": \"\u003c=\", \"version_name\": \"\u003c= 4.7.0\", \"version_value\": \"4.7.0\"}]}}]}, \"vendor_name\": \"StoreApps\"}]}}, \"credit\": [{\"lang\": \"eng\", \"value\": \"Vulnerability discovered by Vlad Vector (Patchstack)\"}], \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin \u003c= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page.\"}]}, \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"impact\": {\"cvss\": {\"attackComplexity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"LOW\", \"baseScore\": 6.4, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L\", \"version\": \"3.1\"}}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Insecure Direct Object References (IDOR)\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt\", \"refsource\": \"CONFIRM\", \"url\": \"https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt\"}, {\"name\": \"https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change\", \"refsource\": \"CONFIRM\", \"url\": \"https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change\"}]}, \"solution\": [{\"lang\": \"en\", \"value\": \"Update to 4.8.0 or higher version.\"}], \"source\": {\"discovery\": \"EXTERNAL\"}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T10:00:04.224Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt\"}, {\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-36284\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-20T19:27:30.616774Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-639\", \"description\": \"CWE-639 Authorization Bypass Through User-Controlled Key\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-20T19:27:32.211Z\"}}]}",
"cveMetadata": "{\"assignerOrgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"assignerShortName\": \"Patchstack\", \"cveId\": \"CVE-2022-36284\", \"datePublished\": \"2022-08-05T15:08:51.582Z\", \"dateReserved\": \"2022-07-22T00:00:00.000Z\", \"dateUpdated\": \"2025-02-20T20:13:40.949Z\", \"state\": \"PUBLISHED\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…