31/7/2023
2/8/2024
CVE-2023-3508: WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF
First published: Mon Jul 31 2023(Updated: )
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks
Credit: contact@wpscan.com contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|
Woocommerce Woocommerce Pre-orders | <2.0.3 | |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of the WooCommerce Pre-Orders WordPress plugin?
The vulnerability ID of the WooCommerce Pre-Orders WordPress plugin is CVE-2023-3508.
What is the severity level of CVE-2023-3508?
The severity level of CVE-2023-3508 is medium with a severity value of 6.5.
How does CVE-2023-3508 affect the WooCommerce Pre-Orders WordPress plugin?
CVE-2023-3508 allows attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete, or cancel via CSRF attacks.
Which software version of the WooCommerce Pre-Orders plugin is affected by CVE-2023-3508?
The WooCommerce Pre-Orders plugin version up to and exclusive of 2.0.3 is affected by CVE-2023-3508.
How can I fix the vulnerability represented by CVE-2023-3508 in the WooCommerce Pre-Orders WordPress plugin?
Ensure you have updated the WooCommerce Pre-Orders plugin to version 2.0.3 or higher to fix the vulnerability represented by CVE-2023-3508.
- collector/nvd-api
- collector/nvd-latest
- collector/nvd-index
- agent/author
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/title
- agent/severity
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/woocommerce
- canonical/woocommerce woocommerce pre-orders
Contact
SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.coBy using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203