CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45066 – WordPress WooSwipe WooCommerce Gallery plugin <= 2.0.1 - Auth. Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2022-45066
Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe WooCommerce Gallery plugin <= 2.0.1 on WordPress. Vulnerabilidad de control de acceso roto autenticada (con permisos de suscriptores o superiores) en el complemento WooSwipe WooCommerce Gallery de Wordpress en versiones <= 2.0.1. The WooSwipe WooCommerce Gallery plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the update() function called via the admin_menu hook in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to update the plugins settings. • https://patchstack.com/database/vulnerability/wooswipe/wordpress-wooswipe-woocommerce-gallery-plugin-2-0-1-auth-broken-access-control-vulnerability?_s_id=cve • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •