CVE-2024-30518

2024-03-2916:15:11

CWE-352

[email protected]

web.nvd.nist.gov

cross-site request forgery

vulnerability

themelocation

woocommerce

checkout fields editor

nvd

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

9.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Cross-Site Request Forgery (CSRF) vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0.

Affected configurations

Vulners

Node

themelocationremove_add_to_cart_woocommerceRange≤1.3.0

VendorProductVersionCPE
themelocationremove_add_to_cart_woocommerce*cpe:2.3:a:themelocation:remove_add_to_cart_woocommerce:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
themelocation	remove_add_to_cart_woocommerce	*	cpe:2.3:a:themelocation:remove_add_to_cart_woocommerce::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "add-fields-to-checkout-page-woocommerce",
    "product": "Custom WooCommerce Checkout Fields Editor",
    "vendor": "ThemeLocation",
    "versions": [
      {
        "changes": [
          {
            "at": "1.3.1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.3.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/add-fields-to-checkout-page-woocommerce/wordpress-custom-woocommerce-checkout-fields-editor-plugin-1-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve