Description The Product Enquiry for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0. This is due to missing or incorrect nonce validation on the process_bulk_action() function. This makes it possible for unauthenticated attackers to perform unauthorized bulk actions like deleting via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2023-6625 appears to be a potential duplicate of this.
CPE | Name | Operator | Version |
---|---|---|---|
eq | 3.1 |