4 matches found
CVE-2023-2179
The WooCommerce Order Status Change Notifier WordPress plugin through 1.1.0 does not have authorisation and CSRF checks when updating order statuses via an AJAX action available to any authenticated user, which could allow low-privilege users such as subscribers to update arbitrary order statuses, making...
CVE-2023-2179
The WooCommerce Order Status Change Notifier WordPress plugin through 1.1.0 does not have authorisation and CSRF checks when updating order statuses via an AJAX action available to any authenticated user, which could allow low-privilege users such as subscribers to update arbitrary order statuses, making...
CVE-2023-2179
CVE-2023-2179 concerns the WooCommerce Order Status Change Notifier WordPress plugin (versions up to 1.1.0). The connected sources confirm a lack of authorization and CSRF protection when performing an AJAX-based order-status update, which is accessible to any authenticated user, potentially enab...
PT-2023-18343 · WordPress · Woocommerce Order Status Change Notifier
Name of the Vulnerable Software and Affected Versions: WooCommerce Order Status Change Notifier WordPress plugin version 1.1.0 and earlier
Description: The issue is related to a lack of authorization and CSRF protection when updating order status via an AJAX action, which is available to any...