3 matches found
CVE-2023-4161
CVE-2023-4161 concerns the WordPress plugin WooCommerce PDF Invoice Builder . Multiple sources confirm a Cross‑Site Request Forgery (CSRF) vulnerability caused by a missing nonce check in the SaveCustomField function, affecting versions up to and including 1.2.90. Unauthenticated attackers could ...
CVE-2023-4161 WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery to Custom Field Creation
The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the SaveCustomField function in versions up to, and including, 1.2.90. This makes it possible for unauthenticated attackers to create invoice fields provided they can tric...
WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.90 is vulnerable to Cross Site Request Forgery (CSRF)
Software WooCommerce PDF Invoice Builder Type Plugin Vulnerable versions = 1.2.90 Fixed in 1.2.91 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4161 Patch priority Low CVSS severity Low 4.3 Developer Edgar Rojas PSID 9cbed5bb67a7 Credits Marco...