The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all versions up to, and including, 1.2.3. This is due to plugin not enforcing server-side checks on the products that can be added as a gift. This makes it possible for unauthenticated attackers to add non-gift items to their cart as a gift.
References
Configurations
History
27 Sep 2024, 16:43
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/browser/woocommerce-multiple-free-gift/trunk/lib/WFG_Frontend.class.php#L189 - Product | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/cdb9c321-1a2c-4593-9947-2071a908ee1c?source=cve - Third Party Advisory | |
First Time |
Lilmonkee
Lilmonkee woocommerce Multiple Free Gift |
|
Summary |
|
|
CPE | cpe:2.3:a:lilmonkee:woocommerce_multiple_free_gift:*:*:*:*:*:wordpress:*:* |
14 Sep 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-14 03:15
Updated : 2024-09-27 16:43
NVD link : CVE-2022-3459
Mitre link : CVE-2022-3459
CVE.ORG link : CVE-2022-3459
JSON object : View
Products Affected
lilmonkee
- woocommerce_multiple_free_gift
CWE
CWE-639
Authorization Bypass Through User-Controlled Key