WordPress Plugin Vulnerabilities

WooCommerce Weight Based Shipping < 5.5.0 - Settings Update via CSRF

Description

The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

Affects Plugins

Plugin icon
weight-based-shipping-for-woocommerce
Fixed in 5.5.0

References

CVE
CVE-2022-46794

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
1ce5ffa7-8ee5-4419-8bff-48fcb4a25aaa

Timeline

Publicly Published
2023-03-17 (about 3 years ago)
Added
2023-05-24 (about 2 years ago)
Last Updated
2023-06-09 (about 2 years ago)

Other

Published
Title
Published
2025-08-15
Title
WP Discord Post Plus <= 1.0.2 - Cross-Site Request Forgery
Published
2025-02-20
Title
WPUpper Share Buttons < 3.52 - Cross-Site Request Forgery to Custom CSS Update
Published
2020-05-25
Title
Official MailerLite Sign Up Forms < 1.4.5 - Multiple CSRF Issues
Published
2023-05-16
Title
Contact Form by Supsystic < 1.7.25 - CSRF
Published
2025-01-24
Title
Attire Blocks < 1.9.7 - Cross-Site Request Forgery