12 matches found
CVE-2024-1747
The WooCommerce Customers Manager WordPress plugin before 30.2 does not have authorisation and CSRF in various AJAX actions, allowing any authenticated users, such as subscriber, to call them and update/delete/create customer metadata, also leading to Stored Cross-Site Scripting due to the lack o...
CVE-2024-1747
CVE-2024-1747 concerns the WooCommerce Customers Manager WordPress plugin. Multiple sources (NVD/Red Hat/CVE records) describe that products before version 30.2 suffer from missing authorization checks and CSRF protections in various AJAX actions, allowing authenticated users (e.g., subscribers) ...
BIT-MAGENTO-2021-21027 Magento Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Data Modification
Magento versions 2.4.1 and earlier, 2.4.0 and earlier and 2.3.6 and earlier are affected by a cross-site request forgery CSRF vulnerability via the GraphQL API. Successful exploitation could lead to unauthorized modification of customer metadata by an unauthenticated attacker. Access to the admin...
GHSA-H4XC-577P-HGJ9 Magento cross-site request forgery (CSRF) vulnerability via the GraphQL API
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are affected by a cross-site request forgery CSRF vulnerability via the GraphQL API. Successful exploitation could lead to unauthorized modification of customer metadata by an unauthenticated attacker. Access to the...
CVE-2021-21027
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are affected by a cross-site request forgery CSRF vulnerability via the GraphQL API. Successful exploitation could lead to unauthorized modification of customer metadata by an unauthenticated attacker. Access to the...
CVE-2021-21027
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are affected by a cross-site request forgery CSRF vulnerability via the GraphQL API. Successful exploitation could lead to unauthorized modification of customer metadata by an unauthenticated attacker. Access to the...
Cross site request forgery (csrf)
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are affected by a cross-site request forgery CSRF vulnerability via the GraphQL API. Successful exploitation could lead to unauthorized modification of customer metadata by an unauthenticated attacker. Access to the...
CVE-2021-21027 Magento Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Data Modification
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are affected by a cross-site request forgery CSRF vulnerability via the GraphQL API. Successful exploitation could lead to unauthorized modification of customer metadata by an unauthenticated attacker. Access to the...
CVE-2021-21027
CVE-2021-21027 is a Magento CSRF vulnerability affecting Magento Open Source/Commerce 2.x (2.4.1 and earlier, 2.4.0-p1 and earlier, 2.3.6 and earlier). It allows an unauthenticated attacker to trigger cross-site request forgery via the GraphQL API, potentially modifying customer metadata without ...
Adobe Magento Cross-Site Request Forgery Vulnerability
Adobe Magento is Adobe's one with PHP written in open source e-commerce platform.Magento Community Edition is the community edition, later renamed Magento Open Source, Magento Enterprise Edition is the enterprise edition, later renamed Magento Magento Enterprise Edition is the enterprise edition,...
Adobe Magento 跨站请求伪造漏洞
Adobe Magento is Adobe's one with PHP written in open source e-commerce platform.Magento Community Edition is the community edition, later renamed Magento Open Source, Magento Enterprise Edition is the enterprise edition, later renamed Magento Magento Enterprise Edition is the enterprise edition,...
PT-2021-2305 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier Magento versions 2.4.0-p1 and earlier Magento versions 2.3.6 and earlier Description: The issue is related to a cross-site request forgery CSRF vulnerability via the GraphQL API. Successful exploitation coul...