XootiX Plugins - Various Versions CSRF to Arbitrary Options Update

2022-01-1300:00:00

Chloe Chamberland

wpscan.com

0.005 Low

EPSS

Percentile

76.2%

JSON

The plugins Login/Signup Popup, Side Cart Woocommerce, and Waitlist Woocommerce are all vulnerable to cross-site request forgery due to a missing nonce check that would make it possible for attackers to update arbitrary options on a vulnerable WordPress site.

PoC

CPENameOperatorVersion
easy-login-woocommercelt2.3
waitlist-woocommercelt2.5.1
side-cart-woocommercelt2.1

Name	Operator	Version
easy-login-woocommerce	lt	2.3
waitlist-woocommerce	lt	2.5.1
side-cart-woocommerce	lt	2.1

References

www.wordfence.com/blog/2022/01/84000-wordpress-sites-affected-by-three-plugins-with-the-same-vulnerability/

0.005 Low

EPSS

Percentile

76.2%

JSON

Related for WPVDB-ID:35A5247D-B599-4D95-9F08-1324C870F9D2