CVE-2022-2382

CVE-2022-2382: Product Slider for WooCommerce < 2.5.7 - Subscriber+ Arbitrary Options Deletion

Vendor Unknown

Product Product Slider for WooCommerce

Weakness CWE-862 · Missing authorization

Published August 22, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lack authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them. One in particular could allow them to delete arbitrary blog options.

Key dates

02Disclosure timeline

August 22, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2382 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2025-67956 WordPress User Registration plugin <= 4.4.6 - Broken Access Control vulnerability CVE-2024-10664 Knowledge Base documentation & wiki plugin – BasePress Docs <= 2.16.3.3 - Missing Authorization to Authenticated (Subscriber+) Database Update CVE-2026-4977 UsersWP <= 1.2.58 - Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter CVE-2025-55712 WordPress The Plus Addons for Elementor Page Builder Lite Plugin <= 6.3.13 - Broken Access Control Vulnerability CVE-2023-27456 WordPress Total theme <= 2.1.19 - Authenticated Arbitrary Plugin Activation