WordPress Yotpo Reviews for WooCommerce (Unofficial) plugin <= 2.0.4 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

2022-08-0100:00:00

Johannes Gangsö

patchstack.com

0.001 Low

EPSS

Percentile

26.4%

JSON

Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Johannes Gangsö in WordPress Yotpo Reviews for WooCommerce (Unofficial) plugin (versions <= 2.0.4).

Solution

Deactivate and delete. This plugin has been closed as of July 27, 2022 and is not available for download. This closure is temporary, pending a full review.

CPENameOperatorVersion
yotpo reviews for woocommerce (unofficial)le2.0.4

CPE	Name	Operator	Version
	yotpo reviews for woocommerce (unofficial)	le	2.0.4

References

wpscan.com/vulnerability/7ec9e493-bc48-4a5d-8c7e-34beaba892ae

0.001 Low

EPSS

Percentile

26.4%

JSON

Related for PATCHSTACK:FF8727F08773A459C535458C155D1179