Wpvulndb WPVDB-ID:047E0954-53CD-4F7C-AF3F-F24F1B0DFC33
Nov 28, 2023 - 12:00 a.m.

Decorator - WooCommerce Email Customizer < 1.2.8 - Cross-Site Request Forgery

2023-11-28 00:00:00
wpscan.com
wordpress
cross-site request forgery
plugin vulnerability
unauthenticated attackers
nonce validation

AI Score: 6.6 Medium (Confidence: Low)
EPSS: 0.001 Low (Percentile: 24.3%)

Description

The Decorator – WooCommerce Email Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. This is due to missing nonce validation on several functions such as ajax_reset(), wt_decorator_button_text(), wt_decorator_set_as_default(), and more. This makes it possible for unauthenticated attackers to modify several plugin settings via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

CPE    Name    Operator    Version
               eq          1.2.8
