Description
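The plugin does not perform a CSRF check when dismissing notices, which could allow an attacker to make a logged-in user dismiss the Getting Started notice via a CSRF attack. Versions before 4.5.0.1 are affected, and updating to 4.5.0.1 or later is the stated fix. The record rates this CVSS 3.1 base score 4.3 (medium): user interaction is required, and the impact is limited to low integrity, with no confidentiality or availability impact.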
Affected Software
Related
{"id": "WPVDB-ID:0A6DADD1-13C9-42DA-9E59-127F60D2C1BA", "vendorId": null, "type": "wpvulndb", "bulletinFamily": "software", "title": "Advanced Coupons for WooCommerce Coupons < 4.5.0.1 - Notice Dismiss via CSRF", "description": "The plugin does not have CSRF check when dismissing notices, which could allow attackers to make logged in users dismiss the Getting Started notice via a CSRF attack\n", "published": "2022-11-30T00:00:00", "modified": "2022-11-08T22:24:01", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://wpscan.com/vulnerability/0a6dadd1-13c9-42da-9e59-127f60d2c1ba", "reporter": "wpvulndb", "references": [], "cvelist": ["CVE-2022-43481"], "immutableFields": [], "lastseen": "2022-11-16T02:28:21", "viewCount": 17, "enchantments": {"score": {"value": 5.4, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2022-43481"]}, {"type": "patchstack", "idList": ["PATCHSTACK:8EF779DF6B51018D08B3EF01D5FFAF6E"]}]}, "affected_software": {"major_version": [{"name": "advanced-coupons-for-woocommerce-free", "version": 4}]}, "vulnersScore": 5.4}, "_state": {"score": 1668566113, "dependencies": 1668565797, "affected_software_major_version": 1668566117}, "_internal": {"score_hash": "f19ea5c8b69ed4b0996a6b41b38cf1fe"}, "affectedSoftware": [{"version": "4.5.0.1", "operator": "lt", "name": "advanced-coupons-for-woocommerce-free"}], "exploit": "", "sourceData": "", "generation": 0}
{"patchstack": [{"lastseen": "2022-11-09T18:02:06", "description": "Cross-Site Request Forgery (CSRF) vulnerability leading to Notice Dismissal discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Advanced Coupons for WooCommerce Coupons plugin (versions <= 4.5).\n\n## Solution\n\n\r\n Update the WordPress Advanced Coupons for WooCommerce Coupons plugin to the latest available version (at least 4.5.0.1).\r\n ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2022-10-30T00:00:00", "type": "patchstack", "title": "WordPress Advanced Coupons for WooCommerce Coupons plugin <= 4.5 - Cross-Site Request Forgery (CSRF) vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-43481"], "modified": "2022-10-30T00:00:00", "id": "PATCHSTACK:8EF779DF6B51018D08B3EF01D5FFAF6E", "href": "https://patchstack.com/database/vulnerability/advanced-coupons-for-woocommerce-free/wordpress-advanced-coupons-for-woocommerce-coupons-plugin-4-5-cross-site-request-forgery-csrf-vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2022-11-09T15:43:34", "description": "Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons for WooCommerce Coupons plugin <= 4.5 on WordPress leading to notice dismissal.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2022-11-08T19:15:00", "type": "cve", "title": "CVE-2022-43481", "cwe": ["CWE-352"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-43481"], "modified": "2022-11-09T13:54:00", "cpe": ["cpe:/a:rymera:advanced_coupons:4.5"], "id": "CVE-2022-43481", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43481", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:a:rymera:advanced_coupons:4.5:*:*:*:*:wordpress:*:*"]}]}