CVE-2022-0775

WooCommerce < 6.2.1 - Subscriber+ Arbitrary Comment Deletion

The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment

We have discovered 428,468 live websites that are affected by CVE-2022-0775.

Affected Software


Product	WooCommerce
Category	Ecommerce
Vulnerable Versions	from 0 before 6.2.1
Total Vulnerable Versions	582
Vulnerable Domains	428,468 live websites (33.16% of WooCommerce install base)

Common Weakness Enumeration

CWE-863 Incorrect Authorization

Available Reports

Website List

Details

Published - Jan 16, 2024
Updated - Jan 16, 2024

Credits

Krzysztof Zając (finder)
WPScan (coordinator)

CWE

CWE-863

CVE References

CWE References

cwe.mitre.org

Countries

United States	103,425 websites

Italy	23,149 websites
Germany	22,958 websites
France	22,811 websites
Russia	20,541 websites
GB	19,929 websites
Spain	15,105 websites
Vietnam	13,977 websites
Netherlands	11,774 websites
Australia	10,233 websites

TLDs

.com	193,410 websites
.ru	16,068 websites
.it	14,877 websites
.co.uk	11,562 websites
.de	10,909 websites
.org	10,865 websites
.nl	8,960 websites
.fr	8,372 websites
.net	8,220 websites
.com.br	7,814 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

References

Websites affected by CVE-2022-0775

Top websites that are affected by CVE-2022-0775. Please click on the "Contact us" link to get more information.

Domain	Country	Rank
*.*.com	United States	,**
*.*********.com	Italy	,**
***********.com	United States	,**
*****************.com	United States	,**
*.***********.com	United States	,**
***.com	United States	,**
*********.com	United States	,**
*******.com	United States	,**
*.********.com	United States	,**
*********.com	Netherlands	,*

See full domain list