CVE-2024-2262 WooCommerce Product Filter < 1.4.4 - Filter Deletion via CSRF

2024-04-0105:00:01

WPScan

www.cve.org

woocommerce

product filter

csrf

themify

wordpress plugin

csrf attack

filter deletion

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Themify ",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "1.4.4"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

wpscan.com/vulnerability/30544377-b90d-4762-b38a-ec89bda0dfdc/