The plugin does not have CSRF check when toggling ruleset, which could allow attackers to make logged in users with the manage_woocommerce capability perform such action via a CSRF attack
CPE | Name | Operator | Version |
---|---|---|---|
conditional-shipping-for-woocommerce | lt | 2.3.2 |