PT-2024-16484 · WordPress · Woocommerce Report

🗓️ 05 Nov 2024 00:00:00Reported by Positive TechnologiesType

ptsecurity

ptsecurity🔗 dbugs.ptsecurity.com👁 1 Views

WooCommerce Report for WordPress up to 1.5.1 has cross-site request forgery via missing nonce on settings.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2024-10711	5 Nov 202411:21	–	circl
CNNVD	WordPress plugin WooCommerce Report 跨站请求伪造漏洞	5 Nov 202400:00	–	cnnvd
CVE	CVE-2024-10711	5 Nov 202408:31	–	cve
Cvelist	CVE-2024-10711 WooCommerce Report <= 1.5.1 - Cross-Site Request Forgery to Arbitrary Options Update	5 Nov 202408:31	–	cvelist
EUVD	EUVD-2024-33257	3 Oct 202520:07	–	euvd
NVD	CVE-2024-10711	5 Nov 202409:15	–	nvd
Patchstack	WordPress WooCommerce Report Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF)	4 Nov 202400:00	–	patchstack
Patchstack	WordPress WooCommerce Report plugin <= 1.5.1 - Cross-Site Request Forgery to Arbitrary Options Update vulnerability	4 Nov 202420:54	–	patchstack
RedhatCVE	CVE-2024-10711	5 Feb 202504:59	–	redhatcve
Vulnrichment	CVE-2024-10711 WooCommerce Report <= 1.5.1 - Cross-Site Request Forgery to Arbitrary Options Update	5 Nov 202408:31	–	vulnrichment

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-10711
plugins	www.plugins.trac.wordpress.org/changeset/3181117
ithemelandco	www.ithemelandco.com/docs/woocommerce-report
twitter	www.twitter.com/transilienceai/status/1855298069908373537
t	www.t.me/latest_high_impact_cve/1455
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/d1d21339-3a86-4bee-be86-2d2ab9190b26
twitter	www.twitter.com/transilienceai/status/1855298050559979631
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
twitter	www.twitter.com/transilienceai/status/1855298029261340782
plugins	www.plugins.trac.wordpress.org/browser/ithemelandco-woo-report/trunk/class/setting_report.php

18 Nov 2024 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS 3.18.8

EPSS0.00311

SSVC

WordPress WooCommerce Cross Site Forgery Settings update Privilege escalation