PT-2022-19152 · Yikes · Yikes Inc. Custom Product Tabs For Woocommerce
Nguyen Anh Tien
·
Published
2022-07-21
·
Updated
2025-12-01
·
CVE-2022-28666
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
YIKES Inc. Custom Product Tabs for WooCommerce plugin version 1.7.7 and earlier
Description
The issue is related to a Broken Access Control vulnerability, which allows for the update of the
yikes-the-content-toggle option. This vulnerability affects the YIKES Inc. Custom Product Tabs for WooCommerce plugin at WordPress.Recommendations
For YIKES Inc. Custom Product Tabs for WooCommerce plugin version 1.7.7 and earlier, update to a version later than 1.7.7 to resolve the issue. As a temporary workaround, consider restricting access to the
yikes-the-content-toggle option to minimize the risk of exploitation.Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Yikes Inc. Custom Product Tabs For Woocommerce