PT-2022-23290 · Storeapps · Storeapps Affiliate For Woocommerce

Re-Alter +1 · Published 2022-08-05 · Updated 2022-08-10 · CVE-2022-36284

CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions
StoreApps Affiliate For WooCommerce premium plugin versions <= 4.7.0

Description
The issue allows an attacker to change the PayPal email due to an authenticated IDOR vulnerability. This can be exploited when the WooCommerce PayPal Payments plugin is installed, as it adds an extra input field on the user profile page.

Recommendations
For StoreApps Affiliate For WooCommerce premium plugin versions <= 4.7.0, update to a version greater than 4.7.0 to resolve the issue. As a temporary workaround, consider restricting access to the user profile page or removing the WooCommerce PayPal Payments plugin to minimize the risk of exploitation.

Fix

IDOR

Weakness Enumeration

Related Identifiers: CVE-2022-36284

Affected Products: Storeapps Affiliate For Woocommerce