8.6 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
24.3%
Description The plugin does not have CSRF check in its fodw_save_discount() function, which could allow attackers to make logged in admins update discounts via a CSRF attack
patchstack.com/database/vulnerability/first-order-discount-woocommerce/wordpress-first-order-discount-woocommerce-plugin-1-21-cross-site-request-forgery-csrf-vulnerability