WooCommerce Product Attachment < 2.2.0 - Checkout Attachements Update via CSRF

Description The plugin does not have CSRF check when saving checkout attachements, which could allow attackers to make logged in users perform such action via a CSRF attack...

CVE-2023-40212

Cross-Site Request Forgery CSRF vulnerability in theDotstore Product Attachment for WooCommerce plugin = 2.1.8 versions...

CVE-2023-40212

Cross-Site Request Forgery CSRF vulnerability in theDotstore Product Attachment for WooCommerce plugin = 2.1.8 versions...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in theDotstore Product Attachment for WooCommerce plugin = 2.1.8 versions...

CVE-2023-40212 WordPress WooCommerce Product Attachment Plugin <= 2.1.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in theDotstore Product Attachment for WooCommerce plugin = 2.1.8 versions...

CVE-2023-40212

The CVE-2023-40212 entry concerns the WordPress plugin WooCommerce Product Attachment (theDotstore)

WordPress Plugin Product Attachment for WooCommerce Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

PT-2023-27330 · Woocommerce · Thedotstore Product Attachment For Woocommerce

Name of the Vulnerable Software and Affected Versions: theDotstore Product Attachment for WooCommerce plugin versions = 2.1.8 Description: A Cross-Site Request Forgery CSRF issue affects the plugin, allowing unauthorized actions to be performed on behalf of authenticated users. This can lead to...

WordPress WooCommerce Product Attachment Plugin <= 2.1.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software WooCommerce Product Attachment Type Plugin Vulnerable versions = 2.1.8 Fixed in 2.2.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-40212 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8ec007daa0bf Credits Mika...

WordPress WooCommerce Product Attachment Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Product Attachment Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID cc57fb8c0339 Credits Rafie Muhammad...

WordPress WooCommerce Product Attachment plugin <= 2.1.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WooCommerce Product Attachment plugin versions = 2.1.2. Solution Update the WordPress WooCommerce Product Attachment plugin to the latest available version at least 2.1.3...

WordPress WooCommerce Product Attachment plugin <= 2.1.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WooCommerce Product Attachment plugin versions = 2.1.2. Solution Update the WordPress WooCommerce Product Attachment plugin to the latest available version at least 2.1.3...

WordPress WooCommerce Product Attachment plugin <= 1.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability found by ThreatPress Research Team in WordPress WooCommerce Product Attachment plugin versions = 1.1.2. Solution 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...