Source: wpvulndb
WPVDB-ID: 8BC00327-0CD8-49C9-A2DA-76FA548BEFE0
Dec 09, 2023 - 12:00 a.m.

Product Enquiry for WooCommerce < 3.1 - Cross-Site Request Forgery

2023-12-09 00:00:00
wpscan.com
wordpress
woocommerce
cross-site request forgery
vulnerability
csrf
nonce validation
unauthenticated attackers
unauthorized bulk actions

AI Score: 8.4 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 24.3%)

Description

The Product Enquiry for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0. This is due to missing or incorrect nonce validation on the process_bulk_action() function. This makes it possible for unauthenticated attackers to perform unauthorized bulk actions like deleting via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2023-6625 appears to be a potential duplicate of this.
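The nonce validation the description says is missing, shown as an added example for a bulk-action handler built on WordPress's WP_List_Table; this is not the plugin's own code or its actual patch. The class name, the 'enquiry' request field, the manage_options capability and the use of posts as storage are assumptions made for illustration, and the snippet runs inside WordPress admin.

```php
<?php
// Added illustration: hypothetical list table, not code from the plugin.
if ( ! class_exists( 'WP_List_Table' ) ) {
    require_once ABSPATH . 'wp-admin/includes/class-wp-list-table.php';
}

class Example_Enquiry_List_Table extends WP_List_Table {

    public function __construct() {
        parent::__construct( array(
            'singular' => 'enquiry',   // assumed name
            'plural'   => 'enquiries', // list table nonce action becomes "bulk-enquiries"
            'ajax'     => false,
        ) );
    }

    public function process_bulk_action() {
        if ( 'delete' !== $this->current_action() ) {
            return;
        }

        // 1. Authorisation: the logged-in user must be allowed to do this.
        //    (manage_options is an assumed capability for this example.)
        if ( ! current_user_can( 'manage_options' ) ) {
            wp_die( 'You are not allowed to delete enquiries.', '', 403 );
        }

        // 2. CSRF check: WP_List_Table::display_tablenav() prints
        //    wp_nonce_field( 'bulk-' . $this->_args['plural'] ) in the top
        //    table nav, so the same action string is verified here.
        //    check_admin_referer() ends the request if the _wpnonce value
        //    is missing or invalid, which a forged cross-site request
        //    cannot supply.
        check_admin_referer( 'bulk-' . $this->_args['plural'] );

        // 3. Only after both checks: sanitise the IDs and act on them.
        $ids = isset( $_REQUEST['enquiry'] )
            ? array_map( 'absint', (array) $_REQUEST['enquiry'] )
            : array();

        foreach ( array_filter( $ids ) as $id ) {
            // Assumes enquiries are stored as posts; the page does not say.
            wp_delete_post( $id, true );
        }
    }
}
```

Without step 2 the handler acts on any request that carries the administrator's session cookie, which is the condition the description reports for versions up to and including 3.0.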

CPE    Name    Operator    Version
               eq          3.1
