What is the vulnerability ID of the WooCommerce Pre-Orders WordPress plugin?

The vulnerability ID of the WooCommerce Pre-Orders WordPress plugin is CVE-2023-3508.

What is the severity level of CVE-2023-3508?

The severity level of CVE-2023-3508 is medium with a severity value of 6.5.

Which software version of the WooCommerce Pre-Orders plugin is affected by CVE-2023-3508?

The WooCommerce Pre-Orders plugin version up to and exclusive of 2.0.3 is affected by CVE-2023-3508.

How can I fix the vulnerability represented by CVE-2023-3508 in the WooCommerce Pre-Orders WordPress plugin?

Ensure you have updated the WooCommerce Pre-Orders plugin to version 2.0.3 or higher to fix the vulnerability represented by CVE-2023-3508.

Vulnerability/
CVE-2023-3508

medium

6.5

CWE

352

31/7/2023

2/8/2024

CVE-2023-3508: WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF

Q: How does CVE-2023-3508 affect the WooCommerce Pre-Orders WordPress plugin?

CVE-2023-3508 allows attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete, or cancel via CSRF attacks.

First published: Mon Jul 31 2023(Updated: )

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks

Credit: contact@wpscan.com contact@wpscan.com

Affected Software	Affected Version	How to fix
Woocommerce Woocommerce Pre-orders	<2.0.3

Never miss a vulnerability like this again

Reference Links

https://wpscan.com/vulnerability/064c7acb-db57-4537-8a6d-32f7ea31c738

Frequently Asked Questions

What is the vulnerability ID of the WooCommerce Pre-Orders WordPress plugin?
The vulnerability ID of the WooCommerce Pre-Orders WordPress plugin is CVE-2023-3508.
What is the severity level of CVE-2023-3508?
The severity level of CVE-2023-3508 is medium with a severity value of 6.5.
How does CVE-2023-3508 affect the WooCommerce Pre-Orders WordPress plugin?
CVE-2023-3508 allows attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete, or cancel via CSRF attacks.
Which software version of the WooCommerce Pre-Orders plugin is affected by CVE-2023-3508?
The WooCommerce Pre-Orders plugin version up to and exclusive of 2.0.3 is affected by CVE-2023-3508.
How can I fix the vulnerability represented by CVE-2023-3508 in the WooCommerce Pre-Orders WordPress plugin?
Ensure you have updated the WooCommerce Pre-Orders plugin to version 2.0.3 or higher to fix the vulnerability represented by CVE-2023-3508.

collector/nvd-api
collector/nvd-latest
collector/nvd-index
agent/author
agent/softwarecombine
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/title
agent/severity
agent/references
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/woocommerce
canonical/woocommerce woocommerce pre-orders

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.