
Source: wpvulndb (wpexploit)
WPEX-ID: E72BBE9B-E51D-40AB-820D-404E0CB86EE6
Published: Jul 10, 2023, 12:00 a.m.

WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF


EPSS: 0.0005 (Low), percentile 18.0%

The plugin's CSRF check on the pre-order cancel action is flawed. An attacker who gets a logged-in administrator to visit a crafted link can therefore cancel arbitrary pre-orders (CSRF). Versions before 2.0.3 are affected.

Proof of concept: have a logged-in admin open the URL below, where 42 is the ID of the pre-order to cancel:

https://example.com/wp-admin/admin.php?page=wc_pre_orders&action=cancel_pre_order&order_id=42
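Because the cancel action is triggered by a plain GET, any page the admin navigates to can issue it; note that under the SameSite=Lax default that Chromium-based browsers apply to cookies without an explicit attribute, the WordPress session cookie is still sent on a top-level navigation (a clicked link or a redirect), though not on an embedded image request. The block below is an added illustration of the vulnerable-versus-hardened handler pattern for a WordPress admin action like this one; it is not code from the WooCommerce Pre-Orders plugin, and the page does not say what the plugin's flawed check actually looked like. All `example_*` function names and the nonce action name are assumptions for the illustration; `check_admin_referer`, `wp_nonce_url`, `current_user_can`, `wc_get_order` and the other WordPress/WooCommerce calls are real APIs.

```php
<?php
/*
 * Illustrative WordPress admin-action handler. NOT code from the
 * WooCommerce Pre-Orders plugin; the example_* names and the nonce
 * action 'example_cancel_pre_order' are assumed for this illustration.
 */

// --- Vulnerable pattern (one common way a nonce check ends up "flawed"):
// the nonce is looked at, but the result is ignored, so a cross-site GET
// with no nonce at all still reaches the state change. --------------------
function example_cancel_pre_order_vulnerable() {
    if ( ! isset( $_GET['action'] ) || 'cancel_pre_order' !== $_GET['action'] ) {
        return;
    }
    $order_id = absint( $_GET['order_id'] ?? 0 );

    // Bug: return value discarded; nothing stops the request when it is false.
    wp_verify_nonce( $_GET['_wpnonce'] ?? '', 'example_cancel_pre_order' );

    example_do_cancel_pre_order( $order_id ); // runs regardless of the nonce
}

// --- Hardened pattern ----------------------------------------------------
function example_cancel_pre_order_hardened() {
    if ( ! isset( $_GET['action'] ) || 'cancel_pre_order' !== $_GET['action'] ) {
        return;
    }

    // 1. Authorisation: a CSRF nonce is not a capability check.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( esc_html__( 'You are not allowed to cancel pre-orders.', 'example' ), 403 );
    }

    // 2. CSRF: check_admin_referer() verifies the nonce bound to this
    //    action (and the current user) and calls wp_die() if it is
    //    missing or invalid, so execution never reaches the state change.
    check_admin_referer( 'example_cancel_pre_order' );

    // 3. Input validation on the target.
    $order_id = absint( $_GET['order_id'] ?? 0 );
    if ( ! $order_id ) {
        wp_die( esc_html__( 'Invalid order.', 'example' ), 400 );
    }

    example_do_cancel_pre_order( $order_id );

    // Redirect after the state change so a reload does not repeat it.
    wp_safe_redirect( admin_url( 'admin.php?page=wc_pre_orders&cancelled=1' ) );
    exit;
}

// The cancel link rendered in the admin list must carry the matching nonce;
// an attacker cannot mint one, so the hardened handler rejects a forged URL.
function example_cancel_link( $order_id ) {
    $url = add_query_arg(
        array(
            'page'     => 'wc_pre_orders',
            'action'   => 'cancel_pre_order',
            'order_id' => absint( $order_id ),
        ),
        admin_url( 'admin.php' )
    );
    return wp_nonce_url( $url, 'example_cancel_pre_order' );
}

// The state change itself, using WooCommerce's order API.
function example_do_cancel_pre_order( $order_id ) {
    $order = wc_get_order( $order_id );
    if ( $order ) {
        $order->update_status( 'cancelled', 'Pre-order cancelled from the admin screen.' );
    }
}

// Wire the hardened handler into the admin request cycle.
add_action( 'admin_init', 'example_cancel_pre_order_hardened' );
```

When reviewing a plugin for this class of bug, look for every `wp_verify_nonce()` call whose return value is not acted on, every admin action reachable without `check_admin_referer()` or `check_ajax_referer()`, and every state-changing action that is missing a `current_user_can()` check alongside the nonce.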

