CVE-2023-2329: WooCommerce Google Sheet Connector < 1.3.6 - Access Code Update via CSRF
First published: Mon Jul 17 2023(Updated: )
The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gsheetconnector WooCommerce Google Sheet Connector | <=1.3.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-2329?
CVE-2023-2329 has a moderate severity level due to the potential for unauthorized access code changes through a CSRF attack.
How do I fix CVE-2023-2329?
To fix CVE-2023-2329, update the WooCommerce Google Sheet Connector plugin to version 1.3.6 or later.
Who is affected by CVE-2023-2329?
Users of the WooCommerce Google Sheet Connector WordPress plugin version 1.3.4 or earlier are affected by CVE-2023-2329.
What type of attack does CVE-2023-2329 involve?
CVE-2023-2329 involves a Cross-Site Request Forgery (CSRF) attack that can exploit the lack of CSRF checks.
What can attackers do with CVE-2023-2329?
With CVE-2023-2329, attackers can change the access code to an arbitrary one if they manage to execute a CSRF attack on a logged-in admin.
- collector/nvd-latest
- agent/author
- agent/type
- agent/softwarecombine
- agent/severity
- agent/references
- agent/title
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/gsheetconnector
- canonical/gsheetconnector woocommerce google sheet connector
- version/gsheetconnector woocommerce google sheet connector/1.3.4