Jul 31, 2023 - 9:37 a.m.

CVE-2023-3507 WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF

2023-07-31 09:37:37
WPScan
www.cve.org
cve-2023-3507
woocommerce
pre-orders
csrf
wordpress
vulnerability
admins
attack

EPSS: 0.0005 (Low), percentile 18.0%

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged-in admins cancel arbitrary pre-orders via a CSRF attack.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WooCommerce Pre-Orders",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "2.0.3"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
