Lucene search
WpvulndbWPVDB-ID:A91620AA-92B8-45BC-A0A7-D6CC9EF11088HistoryOct 10, 2023 - 12:00 a.m.
Order Delivery Date for WP e-Commerce <= 1.2 - Settings Update via CSRF
2023-10-1000:00:00
wpscan.com
5
plugin
csrf attack
admin changes
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Related
cvelist
cvelist
prion
prion
Cross site request forgery (csrf)
2023-10-10 09:15:00
nvd
nvd
CVE-2023-41858
2023-10-10 09:15:10
cve
cve
CVE-2023-41858
2023-10-10 09:15:10
wordfence
wordfence
6.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
24.3%
Related for WPVDB-ID:A91620AA-92B8-45BC-A0A7-D6CC9EF11088