CVE-2023-6625 Product Enquiry for WooCommerce < 3.1 - Arbitrary Enquiry Deletion via CSRF

The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack...

PT-2024-15028 · WordPress · Product Enquiry For Woocommerce

Name of the Vulnerable Software and Affected Versions: Product Enquiry for WooCommerce WordPress plugin versions prior to 3.1 Description: The issue is related to the lack of a CSRF check when deleting inquiries, which could allow attackers to make a logged-in admin delete them via a CSRF attack...