CVE-2022-0775: 
WordPress vulnerability analysis and mitigation

The WooCommerce WordPress plugin before version 6.2.1 contains a security vulnerability identified as CVE-2022-0775. This vulnerability stems from improper authorization checks when deleting reviews, which could allow any authenticated users, including those with subscriber-level privileges, to delete arbitrary comments. The vulnerability was discovered and reported by Krzysztof Zając and was fixed in WooCommerce version 6.2.1, released on February 22, 2022 (WooCommerce Release, WPScan).

The vulnerability is classified as an Incorrect Authorization issue (CWE-863) with a CVSS v3.1 base score of 4.3 (Medium). The vulnerability exists in the REST API endpoints for product reviews, where the authorization check for delete operations was improperly implemented. This allows authenticated users with privileges as low as Subscriber to delete any comment in the system (WPScan).

When exploited, this vulnerability allows any authenticated user to delete arbitrary comments, product reviews, or order notes from the WooCommerce system, regardless of their permission level. This could lead to loss of valuable customer feedback and potential disruption of the e-commerce platform's review system (WPScan).

The recommended mitigation is to update WooCommerce to version 6.2.1 or later, which includes the security fix for this vulnerability. The fix implements proper authorization checks for review deletion operations (WooCommerce Release).