Lucene search
WpvulndbWPVDB-ID:9B77044C-FD3F-4E6F-A759-DCC3082DCBD6HistoryNov 21, 2022 - 12:00 a.m.
Booster for WooCommerce - Custom Role Creation/Deletion via CSRF
2022-11-2100:00:00
wpscan.com
10
woocommerce
csrf
custom roles
security plugin
EPSS
0.001
Percentile
34.1%
The plugins does not properly check for CSRF when creating and deleting Customer roles, allowing attackers to make logged admins create and delete arbitrary custom roles via CSRF attacks
PoC
To delete the custom role dj (it’s possible to delete roles created by other plugins), make a logged in admin open https://example.com/wp-admin/admin.php?page=wcj-tools&tab;=custom_roles&wcj;_delete_role=dj To create a custom role, make a logged in admin open a page containing the HTML code below
Related
nvd
nvd
CVE-2022-4016
2022-12-12 18:15:13
cvelist
cvelist
cve
cve
CVE-2022-4016
2022-12-12 18:15:13
wpexploit
wpexploit
Booster for WooCommerce - Custom Role Creation/Deletion via CSRF
2022-11-21 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-12-12 18:15:00