cvelist / WPScan / CVELIST:CVE-2023-3508
History: Jul 31, 2023 - 9:37 a.m.

CVE-2023-3508 WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF

2023-07-31 09:37:37
WPScan
www.cve.org
Tags: woocommerce, pre-orders, csrf, wordpress, vulnerability, attackers, admins, pre-orders customer, released date, complete, cancel

EPSS: 0.001 (Percentile: 30.5%)

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged-in admins email pre-order customers, change the release date, or mark all pre-orders of a specific product as complete or cancelled via CSRF attacks.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WooCommerce Pre-Orders",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "2.0.3"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
