CVE-2023-5979 eCommerce Product Catalog Plugin for WordPress < 3.3.26 - Products Deletion via CSRF

2023-12-0421:27:37

WPScan

www.cve.org

cve-2023-5979

ecommerce

wordpress

csrf

vulnerability

0.0005 Low

EPSS

Percentile

17.9%

JSON

The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "eCommerce Product Catalog Plugin for WordPress",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "3.3.26"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/936934c3-5bfe-416e-b6aa-47bed4db05c4

0.0005 Low

EPSS

Percentile

17.9%

JSON

Related for CVELIST:CVE-2023-5979