RestroPress < 2.8.3 - Cart Manipulation via CSRF
The plugin does not properly check for CSRF in some of its AJAX calls, allowing attackers to make users do unwanted actions, such as add arbitrary products to their cart, or empty it completely To clear the cart of the current user authenticated or not:...