Lucene search
WpvulndbWPVDB-ID:7AB15530-8321-487D-97A5-1469B51FCC3FHistoryOct 31, 2022 - 12:00 a.m.
Booster for WooCommerce - Checkout Files Deletion via CSRF
2022-10-3100:00:00
wpscan.com
4
woocommerce
csrf attack
checkout files deletion
EPSS
0.001
Percentile
37.9%
The plugins do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack
PoC
Requirements: - Enable the “Checkout File Upload” module of the plugin (/wp-admin/admin.php?page=wc-settings&tab;=jetpack&wcj-cat;=dashboard§ion;=all_module) To delete the checkout files from the Order ID 1, Make a logged in shop manager or admin open: https://example.com/wp-admin/?wcj_download_checkout_file_admin_delete_all=1
Related
prion
prion
Cross site request forgery (csrf)
2022-11-21 11:15:00
patchstack
patchstack
cve
cve
CVE-2022-3763
2022-11-21 11:15:21
cnvd
cnvd
wpexploit
wpexploit
Booster for WooCommerce - Checkout Files Deletion via CSRF
2022-10-31 00:00:00
cvelist
cvelist
CVE-2022-3763 Booster for WooCommerce - Checkout Files Deletion via CSRF
2022-11-21 00:00:00
nvd
nvd
CVE-2022-3763
2022-11-21 11:15:21