Description
WordPress Plugin WooCommerce is prone to multiple vulnerabilities, including directory traversal and security bypass vulnerabilities. Exploiting these issues could allow an attacker to obtain sensitive information that could aid in further attacks, or to perform otherwise restricted actions and subsequently delete arbitrary comments. WordPress Plugin WooCommerce version 6.2.0 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 6.2.1 or the latest version.
References
https://sploitus.com/exploit?id=WPEX-ID:B76DBF37-A0A2-48CF-BD85-3EBBC2F394DD
https://developer.woocommerce.com/2022/02/22/woocommerce-6-2-1-security-fix/