2 matches found
CVE-2022-4426 Mautic Integration For WooCommerce < 1.0.3 - Arbitrary Options Update via CSRF
The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbitrary blog options via a CSRF attack...
CVE-2022-4426
The CVE covers the Mautic Integration for WooCommerce WordPress plugin prior to version 1.0.3, where updates to settings lack proper CSRF checks and do not validate that updated options belong to the plugin. This enables a logged-in administrator to change arbitrary blog options via a CSRF attack...