CVE-2022-28666

Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://patchstack.com/database/vulnerability/yikes-inc-easy-custom-woocommerce-product-tabs/wordpress-custom-product-tabs-for-woocommerce-plugin-1-7-7-broken-access-control-vulnerability-leading-to-yikes-the-content-toggle-option-update?_s_id=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:yikesinc:custom_product_tabs_for_woocommerce:*:*:*:*:*:wordpress:*:*

History

16 Sep 2024, 19:16

Type	Values Removed	Values Added
Summary	~~(en) Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update.~~	(en) Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update.

02 Aug 2023, 17:20

Type	Values Removed	Values Added
References	(MISC) https://patchstack.com/database/vulnerability/yikes-inc-easy-custom-woocommerce-product-tabs/wordpress-custom-product-tabs-for-woocommerce-plugin-1-7-7-broken-access-control-vulnerability-leading-to-yikes-the-content-toggle-option-update?_s_id=cve -	(MISC) https://patchstack.com/database/vulnerability/yikes-inc-easy-custom-woocommerce-product-tabs/wordpress-custom-product-tabs-for-woocommerce-plugin-1-7-7-broken-access-control-vulnerability-leading-to-yikes-the-content-toggle-option-update?_s_id=cve - Third Party Advisory

26 Jul 2023, 08:15

Type	Values Removed	Values Added
References	{'url': 'https://wordpress.org/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/', 'name': 'https://wordpress.org/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/', 'tags': ['Product', 'Third Party Advisory'], 'refsource': 'CONFIRM'} {'url': 'https://patchstack.com/database/vulnerability/yikes-inc-easy-custom-woocommerce-product-tabs/wordpress-custom-product-tabs-for-woocommerce-plugin-1-7-7-broken-access-control-vulnerability-leading-to-yikes-the-content-toggle-option-update', 'name': 'https://patchstack.com/database/vulnerability/yikes-inc-easy-custom-woocommerce-product-tabs/wordpress-custom-product-tabs-for-woocommerce-plugin-1-7-7-broken-access-control-vulnerability-leading-to-yikes-the-content-toggle-option-update', 'tags': ['Third Party Advisory'], 'refsource': 'CONFIRM'}	(MISC) https://patchstack.com/database/vulnerability/yikes-inc-easy-custom-woocommerce-product-tabs/wordpress-custom-product-tabs-for-woocommerce-plugin-1-7-7-broken-access-control-vulnerability-leading-to-yikes-the-content-toggle-option-update?_s_id=cve -
Summary	~~Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update.~~	Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update.

21 Jul 2023, 16:39

Type	Values Removed	Values Added
CWE	~~CWE-269~~	CWE-287

Information

Published : 2022-07-21 17:15

Updated : 2024-09-16 19:16

NVD link : CVE-2022-28666

Mitre link : CVE-2022-28666

CVE.ORG link : CVE-2022-28666

JSON object : View

Products Affected

yikesinc

custom_product_tabs_for_woocommerce

CWE

CWE-287

Improper Authentication

5.3 /10