EUVD-2018-3656

Malware in sbrugna...

CVE-2018-11633

An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker via spear phishing/social engineering, the attacker can change the plugin settings. The function...

WordPress Woo Checkout for Digital Goods plugin <= 2.1 - Cross-site request forgery (CSRF) vulnerability

Cross-site request forgery CSRF vulnerability found by ThreatPress Research Team in WordPress Woo Checkout for Digital Goods plugin versions = 2.1. Solution Update the WordPress Woo Checkout for Digital Goods plugin to the latest available version at least 2.2...

CVE-2018-11633

An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker via spear phishing/social engineering, the attacker can change the plugin settings. The function...

Cross site request forgery (csrf)

An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker via spear phishing/social engineering, the attacker can change the plugin settings. The function...

CVE-2018-11633

The CVE-2018-11633 issue affects the MULTIDOTS Woo Checkout for Digital Goods plugin for WordPress (version 2.1). The vulnerability stems from the function woo_checkout_settings_page in class-woo-checkout-for-digital-goods-admin.php not validating CSRF against wp-admin/admin-post.php and lacking ...