Security Advisory

CVE-2022-36284

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-08-05 15:08:51

Last updated 2026-04-28 16:07:44

Assigner Patchstack

State PUBLISHED

Description

Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page.

← Browse all CVEs View on cve.org ↗