2 matches found
CVE-2020-36748
The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handleorderexport function. This makes it possible for unauthenticated attackers to trigger an order export via a forged...
CVE-2020-36748
Affected software: Dokan plugin for WordPress, versions up to 3.0.8. Root cause: missing/incorrect nonce validation on handle_order_export() leads to CSRF. Impact: unauthenticated attackers can trigger an order export by tricking an admin into performing a forged request. Exploit details: any exp...