exploitDog

GHSA-wq2f-vmcc-p4fr

Опубликовано: 31 июл. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack

Ссылки

EPSS

Процентиль: 21%

0.00067

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2023-3507

CVSS3: 6.5

nvd

больше 2 лет назад

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack

EPSS

Процентиль: 21%

0.00067

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-352