
CVE-2022-34868: WordPress ЮKassa для WooCommerce plugin <= 2.3.0 - Authenticated Arbitrary Settings Update vulnerability - Patchstack

Authenticated Arbitrary Settings Update vulnerability in the YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 for WordPress.


Verified

Fixed

CVSS 3.1 score: 5.4 (Medium severity)


PSID

79f457e901cf

Classification

Other Vulnerability Type

OWASP Top 10

A5: Broken Access Control

Required privilege

Requires subscriber or higher role user authentication.

Publicly disclosed

2022-07-29

Details

Authenticated Arbitrary Settings Update vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress ЮKassa для WooCommerce plugin (versions <= 2.3.0).

Solution

Update the WordPress ЮKassa для WooCommerce plugin to the latest available version (at least 2.3.1).

References

Changeset
