WordPress Plugin Vulnerabilities

WooCommerce < 8.6.0 - Cross-Site Request Forgery

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.

Affects Plugins

Plugin icon
woocommerce
Fixed in 8.6.0

References

CVE
CVE-2024-22155
URL
https://patchstack.com/database/vulnerability/woocommerce/wordpress-woocommerce-plugin-8-5-2-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Dhabaleshwar Das
Verified
No
WPVDB ID
14d03287-6571-46d3-89af-0ad64dad6d33

Timeline

Publicly Published
2024-04-05 (about 1 year ago)
Added
2024-04-12 (about 1 year ago)
Last Updated
2024-04-12 (about 1 year ago)

Other

Published
Title
Published
2024-12-12
Title
XPD Reduce Image Filesize <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-09-22
Title
Brands for WooCommerce < 3.8.2.3 - Missing Authorization to Unauthenticated Order Manipulation and Information Retrieval
Published
2025-03-11
Title
Rankchecker.io Integration <= 1.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-04-01
Title
Advanced Search by My Solr Server <= 2.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2021-02-12
Title
Post SMTP Mailer/Email Log < 2.0.21 - CSRF Nonce Bypass