exploitDog

GHSA-rfj8-v7wf-3hfc

Опубликовано: 03 апр. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 6.8

Описание

The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks.

The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks.

Ссылки

EPSS

Процентиль: 36%

0.0015

Низкий

6.8 Medium

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2024-2322

CVSS3: 6.8

nvd

почти 2 года назад

The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks.

EPSS

Процентиль: 36%

0.0015

Низкий

6.8 Medium

CVSS3

CVE ID

Дефекты

CWE-352