The plugin does not have CSRF checks in numerous AJAX actions, allowing attackers to make a logged-in admin modify knowledge bases, notices and payments, manage vendors and capabilities, etc. via CSRF attacks.

CPE

Name | Operator | Version |
---|---|---|---|
wc-frontend-manager | lt | 6.6.0 |