exploitDog

GHSA-q27x-qpp2-53pw

Опубликовано: 17 июл. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

The WooCommerce Google Sheet Connector WordPress plugin through 1.3.4 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack

The WooCommerce Google Sheet Connector WordPress plugin through 1.3.4 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack

Ссылки

EPSS

Процентиль: 32%

0.00121

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2023-2329

CVSS3: 8.8

nvd

больше 2 лет назад

The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack

EPSS

Процентиль: 32%

0.00121

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-352