Lucene search

K
wpvulndbWpvulndbWPVDB-ID:59E90B6C-3106-4F7E-B4D6-88B12C01920B
HistoryJan 20, 2024 - 12:00 a.m.

Customer Reviews for WooCommerce < 5.38.2 - Cross-Site Request Forgery via manual review reminders

2024-01-2000:00:00
wpscan.com
1
cross-site request forgery
woocommerce
manual review reminders
security vulnerability
nonce validation

6.7 Medium

AI Score

Confidence

Low

Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to 5.38.2 (exclusive). This is due to missing or incorrect nonce validation on the manual_review_reminder, manual_wa_review_reminder, and manual_review_reminder_conf functions. This makes it possible for unauthenticated attackers to configure and send manual review reminders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CPENameOperatorVersion
eq5.38.2

6.7 Medium

AI Score

Confidence

Low