Lucene search
Veracode Vulnerability DatabaseVERACODE:25729HistoryJun 22, 2020 - 4:43 a.m.
Cross-site Request Forgery (CSRF)
2020-06-2204:43:05
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
EPSS
0.001
Percentile
41.1%
WooCommerce is vulnerable to cross-site request forgery (CSRF). The attack exists because it does not check the .csv file imports in includes/admin/importers/class-wc-product-csv-importer-controller.php, allowing an attacker to provide malicious inputs and valid nonce to lead to the attack.
Related
osv
osv
CVE-2019-20891
2020-06-19 21:15:10
WooCommerce Cross-Site Request Forgery (CSRF)
2022-05-24 17:21:15
cvelist
cvelist
CVE-2019-20891
2020-06-19 20:35:57
cve
cve
CVE-2019-20891
2020-06-19 21:15:10
prion
prion
Cross site request forgery (csrf)
2020-06-19 21:15:00
github
github
WooCommerce Cross-Site Request Forgery (CSRF)
2022-05-24 17:21:15
nvd
nvd
CVE-2019-20891
2020-06-19 21:15:10