A user with an account could change any data, leading to a potential data breach. Data integrity issues in WP Shop plugin = 3.9.6 at WordPress.
Incorrect data being stored can lead to a data breach.
CVE# Issue WP Shop plugin 3.9.6 or older.
Unauthenticated Plugin Settings Change & Data Deletion. WP Shop plugin 3.9.6 or older.
Unauthenticated Data Entry. WP Shop plugin 3.9.6 or older.
Incorrect Data being stored. WP Shop plugin 3.9.6 or older.
Incorrect data being stored. WP Shop plugin 3.9.6 or older.
Incorrect data being stored.
What you need to know about WP Shop data integrity vulnerability =
A data integrity issue in the WP Shop plugin 3.9.6 has been identified and fixed. This issue was caused by a user with an account that could change any data on their own store, which potentially could lead to a data breach. The vulnerability was also caused by incorrect data being stored, which means anyone could change or delete any data on a website's store if they have permission to do so.
The following are some of the vulnerabilities found: Unauthenticated Data Entry & Unauthenticated Plugin Settings Change & Data Deletion. WP Shop plugin 3.9.6 or older. Unauthenticated Data Entry & Unauthenticated Plugin Settings Change & Data Deletion. WP Shop plugin 3.9.6 or older. Incorrect Data being stored in the WordPress database (CVE-2022-36793).
Timeline
Published on: 09/09/2022 15:15:00 UTC
Last modified on: 09/10/2022 03:51:00 UTC