NVD:CVE-2023-3508
Jul 31, 2023 - 10:15 a.m.

CVE-2023-3508

2023-07-31 10:15:10
web.nvd.nist.gov
woocommerce, pre-orders, csrf

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS: 0.001
Percentile: 30.5%

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged-in admins email pre-order customers, change the release date, or mark all pre-orders of a specific product as complete or cancelled via CSRF attacks.

Affected configurations

Nvd

Node: woocommerce woocommerce_pre-orders, Range: <2.0.3, wordpress

Vendor: woocommerce
Product: woocommerce_pre-orders
Version: *
CPE: cpe:2.3:a:woocommerce:woocommerce_pre-orders:*:*:*:*:*:wordpress:*:*
