First published: Mon Jul 31 2023
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged-in admins cancel arbitrary pre-orders via a CSRF attack.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Woocommerce Woocommerce Pre-orders | <2.0.3 |
The vulnerability ID for this flaw is CVE-2023-3507.
The severity of CVE-2023-3507 is medium with a CVSS score of 6.5.
The WooCommerce Pre-Orders WordPress plugin versions before 2.0.3 are affected by CVE-2023-3507.
Attackers can exploit CVE-2023-3507 by performing a CSRF attack to make logged-in admins cancel arbitrary pre-orders.
The WooCommerce Pre-Orders WordPress plugin version 2.0.3 includes a fix for CVE-2023-3507.