Vulnerability Details CVE-2022-36284
Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.6%
CVSS Severity
CVSS v3 Score 6.4
References
- https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt
- https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change
- https://dzv365zjfbd8v.cloudfront.net/changelogs/affiliate-for-woocommerce/changelog.txt
- https://patchstack.com/database/vulnerability/affiliate-for-woocommerce/wordpress-affiliate-for-woocommerce-premium-plugin-4-7-0-authenticated-idor-vulnerability-leading-to-paypal-email-change
Products affected by CVE-2022-36284
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.0.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.1.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.10.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.10.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.2.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.2.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.3.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.3.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.3.2
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.3.3
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.3.4
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.4.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.4.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.5.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.5.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.6.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.6.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.6.2
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.7.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.7.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.8.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.8.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.9.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:1.9.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:2.0.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:2.0.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:2.1.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:2.2.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:2.3.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:2.3.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:2.4.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:2.4.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:2.4.2
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:2.4.3
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:2.5.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:2.5.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:2.6.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:2.7.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:2.7.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:2.7.2
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:2.8.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:2.8.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:2.8.2
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:2.8.3
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:2.8.4
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.0.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.0.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.0.2
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.1.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.10.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.11.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.12.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.13.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.2.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.2.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.2.2
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.3.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.3.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.3.2
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.4.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.4.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.4.2
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.5.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.5.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.5.2
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.5.3
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.5.4
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.6.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.7.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.7.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.8.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.9.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:3.9.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:4.0.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:4.0.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:4.1.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:4.2.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:4.2.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:4.3.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:4.4.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:4.4.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:4.5.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:4.5.2
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:4.6.0
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:4.6.1
-
cpe:2.3:a:storeapps:affiliate_for_woocommerce:4.7.0