Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:E72BBE9B-E51D-40AB-820D-404E0CB86EE6
HistoryJul 10, 2023 - 12:00 a.m.

WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF

2023-07-1000:00:00
wpscan.com
3
woocommerce
pre-orders
csrf
flawed check
arbitrary canceling
attackers

0.0005 Low

EPSS

Percentile

18.0%

JSON

The plugin has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack

PoC

Make a logged in admin open the URL below (42 being a pre-order to be canceled) https://example.com/wp-admin/admin.php?page=wc_pre_orders&amp;action;=cancel_pre_order&amp;order;_id=42

CPENameOperatorVersion
woocommerce-pre-orderslt2.0.3

Related

cve 1
wpexploit 1
prion 1
nvd 1
cvelist 1
wordfence 1
cve
cve
CVE-2023-3507
2023-07-31 10:15:10
wpexploit
wpexploit
WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF
2023-07-10 00:00:00
prion
prion
Cross site request forgery (csrf)
2023-07-31 10:15:00
nvd
nvd
CVE-2023-3507
2023-07-31 10:15:10
cvelist
cvelist
CVE-2023-3507 WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF
2023-07-31 09:37:37
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 10, 2023 to July 16, 2023)
2023-07-20 13:29:41

0.0005 Low

EPSS

Percentile

18.0%

JSON
Related for WPVDB-ID:E72BBE9B-E51D-40AB-820D-404E0CB86EE6
cve1wpexploit1prion1nvd1cvelist1wordfence1