
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Jul 2022 — Authenticated Arbitrary Settings Update vulnerability in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress. The ЮKassa для WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_settings() function in versions up to, and including, 2.3.0. • https://patchstack.com/database/vulnerability/yookassa/wordpress-yukassa-dlya-woocommerce-plugin-2-3-0-authenticated-arbitrary-settings-update-vulnerability • CWE-264: Permissions, Privileges, and Access Controls • CWE-862: Missing Authorization

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Jul 2022 — Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress. The ЮKassa для WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.0. This is due to missing non... • https://patchstack.com/database/vulnerability/yookassa/wordpress-yukassa-dlya-woocommerce-plugin-2-3-0-cross-site-request-forgery-csrf-leading-to-plugin-settings-update • CWE-352: Cross-Site Request Forgery (CSRF)