Source: wpvulndb
Author: Bob Matyas
WPVDB-ID: D483F7CE-CB3F-4FCB-B060-005CEC0EA10F
History: Dec 28, 2023 - 12:00 a.m.

Product Enquiry for WooCommerce < 3.1 - Arbitrary Enquiry Deletion via CSRF

2023-12-28 00:00:00
Bob Matyas
wpscan.com
5
Tags: woocommerce, csrf, enquiry deletion

AI Score: 6.5 Medium (Confidence: High)
EPSS: 0.0005 Low (Percentile: 17.1%)

Description: The plugin does not have a CSRF check in place when deleting enquiries, which could allow attackers to make a logged-in admin delete them via a CSRF attack.

PoC

1. Make an enquiry from the frontend form.
2. Go to “Woo Quote Popup > Enquiry List”.
3. Get the ID of an item.
4. Add the ID to the following HTML:
5. See that the item has been deleted.
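The missing check described above is the standard WordPress nonce-plus-capability pattern. The following is an added example, not the plugin's code: a hypothetical admin-side delete handler in its unprotected form and in a hardened form (the function names, the `pe_delete_enquiry` action and the `pe_enquiry` post type are assumptions).

```php
<?php
// Added illustration (not the plugin's own code). Names are assumptions.

// BEFORE: the handler acts on any request that reaches it. The admin's
// session cookie is sent automatically, so a request triggered from another
// site is indistinguishable from one the admin made on purpose.
function pe_delete_enquiry_unsafe() {
    if ( ! isset( $_GET['enquiry_id'] ) ) {
        return;
    }
    wp_delete_post( absint( $_GET['enquiry_id'] ), true );
}

// AFTER (part 1): the "Enquiry List" screen renders a delete link that
// carries a nonce bound to this action, this enquiry ID and this user.
function pe_delete_enquiry_link( $id ) {
    $url = add_query_arg(
        array( 'action' => 'pe_delete_enquiry', 'enquiry_id' => $id ),
        admin_url( 'admin-post.php' )
    );
    return wp_nonce_url( $url, 'pe_delete_enquiry_' . $id );
}

// AFTER (part 2): the handler verifies the nonce before touching anything
// and also requires a capability, so a low-privileged user cannot delete.
function pe_delete_enquiry_safe() {
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    $id = isset( $_GET['enquiry_id'] ) ? absint( $_GET['enquiry_id'] ) : 0;
    // check_admin_referer() stops the request with a 403 when the _wpnonce
    // parameter is missing, expired, or was issued for a different ID/user.
    check_admin_referer( 'pe_delete_enquiry_' . $id );
    if ( $id && 'pe_enquiry' === get_post_type( $id ) ) {
        wp_delete_post( $id, true );
    }
    wp_safe_redirect( wp_get_referer() ?: admin_url() );
    exit;
}
add_action( 'admin_post_pe_delete_enquiry', 'pe_delete_enquiry_safe' );
```

For AJAX-driven deletes the equivalent pair is `wp_create_nonce()` on render and `check_ajax_referer()` in the `wp_ajax_*` callback.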

CPE    Name    Operator    Version
                eq          3.1
