CVE-2023-3764 in WooCommerce PDF Invoice Builder Plugininfo

Zusammenfassung

von MITRE • 31.08.2023

The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. This is due to missing or incorrect nonce validation on the Save function. This makes it possible for unauthenticated attackers to make changes to invoices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Zuständig

Wordfence

Reservieren

18.07.2023

Veröffentlichung

31.08.2023

Moderieren

akzeptiert

Eintrag

VDB-237018

CPE

bereit

EPSS

0.00245

KEV

nein

Aktivitäten

very low

Quellen

Do you need the next level of professionalism?

Upgrade your account now!