The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/064c7acb-db57-4537-8a6d-32f7ea31c738 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-07-31T09:37:37.921Z
Updated: 2023-07-31T09:37:37.921Z
Reserved: 2023-07-04T18:11:44.617Z
Link: CVE-2023-3508
JSON object: View
NVD Information
Status : Modified
Published: 2023-07-31T10:15:10.923
Modified: 2023-11-07T04:18:53.553
Link: CVE-2023-3508
JSON object: View
Redhat Information
No data.
CWE
No CWE.