CVE-2022-0775
WooCommerce < 6.2.1 - Subscriber+ Arbitrary Comment DeletionThe WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment
We have discovered 227,926 live websites that are affected by CVE-2022-0775.
Affected Software
| Product |  WooCommerce |
| Category | Ecommerce |
| Vulnerable Domains | 227,926 live websites (17% of WooCommerce install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 270 versions ( 63% of all versions) |
Common Weakness Enumeration
CWE-863 Incorrect AuthorizationDetails
- Published - Jan 16, 2024
- Updated - Jun 11, 2025
Credits
- Krzysztof Zając (finder)
- WPScan (coordinator)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2022-0775 United States | 53,915 websites |
 Germany | 15,408 websites |
 Italy | 12,702 websites |
 France | 12,476 websites |
 Russia | 12,154 websites |
 GB | 11,405 websites |
 Spain | 7,752 websites |
 Vietnam | 7,446 websites |
 Netherlands | 6,297 websites |
 Poland | 5,161 websites |
Website Distribution by TLD
Number of websites using CVE-2022-0775| .com | 98,435 websites |
| .ru | 9,545 websites |
| .it | 8,496 websites |
| .co.uk | 7,040 websites |
| .de | 5,848 websites |
| .org | 5,413 websites |
| .nl | 5,133 websites |
| .fr | 4,429 websites |
| .net | 4,323 websites |
| .com.au | 3,982 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2022-0775
Top websites that are affected by CVE-2022-0775. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.com | United States | *,*** | |
| *****************.com | United States | *,*** | |
| *************.com | United States | *,*** | |
| *********.com | United States | *,*** | |
| **********.com | United States | *,*** | |
| *********.com | Netherlands | **,*** | |
| ********.gr |  Greece | **,*** | |
| ************.com | United States | **,*** | |
| *************.net | Vietnam | **,*** | |
| **************.com | United States | **,*** |
FAQ
CVE-2022-0775 is Incorrect Authorization in WooCommerce
A total of 227,926 websites have been identified as vulnerable to CVE-2022-0775, based on global website indexing conducted by WebTechSurvey.
The WooCommerce is affected by the CVE-2022-0775 vulnerability.
WooCommerce versions up to 6.2.1 are vulnerable to CVE-2022-0775.
CVE-2022-0775 is resolved in version 6.2.1 of WooCommerce.