CVE-2022-3459

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Sep 14, 2024
CWE ID 639

Summary

CVE-2022-3459 identifies a vulnerability in the WooCommerce Multiple Free Gift plugin for WordPress, affecting all versions up to and including 1.2.3. The vulnerability arises from missing server-side checks, which allows unauthenticated attackers to manipulate gift items in shopping carts by adding non-gift products. This could lead to unauthorized discounts or financial losses for organizations using this plugin. Remediation involves updating the plugin to a version that includes the necessary server-side validation. The vulnerability is rated medium severity; exploitation requires neither user interaction nor elevated privileges.
