{"containers":{"cna":{"affected":[{"product":"Product Slider for WooCommerce","vendor":"Unknown","versions":[{"lessThan":"2.5.7","status":"affected","version":"2.5.7","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Krzysztof Zając"}],"descriptions":[{"lang":"en","value":"The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lack authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them. One in particular could allow them to delete arbitrary blog options."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-862","description":"CWE-862 Missing Authorization","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-352","description":"CWE-352 Cross-Site Request Forgery (CSRF)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-08-22T15:02:20.000Z","orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan"},"references":[{"tags":["x_refsource_MISC"],"url":"https://wpscan.com/vulnerability/777d4637-444b-4eda-bc21-95d3a3bf6cd3"}],"source":{"discovery":"EXTERNAL"},"title":"Product Slider for WooCommerce < 2.5.7 - Subscriber+ Arbitrary Options Deletion","x_generator":"WPScan CVE Generator","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"contact@wpscan.com","ID":"CVE-2022-2382","STATE":"PUBLIC","TITLE":"Product Slider for WooCommerce < 2.5.7 - Subscriber+ Arbitrary Options Deletion"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Product Slider for WooCommerce","version":{"version_data":[{"version_affected":"<","version_name":"2.5.7","version_value":"2.5.7"}]}}]},"vendor_name":"Unknown"}]}},"credit":[{"lang":"eng","value":"Krzysztof Zając"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lack authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them. One in particular could allow them to delete arbitrary blog options."}]},"generator":"WPScan CVE Generator","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-862 Missing Authorization"}]},{"description":[{"lang":"eng","value":"CWE-352 Cross-Site Request Forgery (CSRF)"}]}]},"references":{"reference_data":[{"name":"https://wpscan.com/vulnerability/777d4637-444b-4eda-bc21-95d3a3bf6cd3","refsource":"MISC","url":"https://wpscan.com/vulnerability/777d4637-444b-4eda-bc21-95d3a3bf6cd3"}]},"source":{"discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T00:39:06.347Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://wpscan.com/vulnerability/777d4637-444b-4eda-bc21-95d3a3bf6cd3"}]}]},"cveMetadata":{"assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","assignerShortName":"WPScan","cveId":"CVE-2022-2382","datePublished":"2022-08-22T15:02:20.000Z","dateReserved":"2022-07-11T00:00:00.000Z","dateUpdated":"2024-08-03T00:39:06.347Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}