WordPress Plugin Vulnerabilities

Quotes for WooCommerce < 2.0.2 - Quote Status Update / Quote Sending via CSRF

Description

The plugin does not have CSRF checks when updating quote status and send quotes, which could allow attackers to make logged in admins perform such actions via CSRF attacks

Affects Plugins

Plugin icon
quotes-for-woocommerce
Fixed in 2.0.2

References

URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/6954364e-567c-407c-afc6-983b7257cc88

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Verified
No
WPVDB ID
2e6f070e-0f78-4e58-8151-85070db64eb1

Timeline

Publicly Published
2023-11-30 (about 2 years ago)
Added
2024-01-31 (about 2 years ago)
Last Updated
2024-01-31 (about 2 years ago)

Other

Published
Title
Published
2024-02-27
Title
Envo's Elementor Templates & Widgets for WooCommerce < 1.4.5 - Arbitrary Plugin Activation via CSRF
Published
2024-02-20
Title
Database Reset < 3.23 - Cross-Site Request Forgery to WP Reset Plugin Installation
Published
2024-12-11
Title
AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot < 1.6.3 - Cross-Site Request Forgery via update_integration_option
Published
2023-01-18
Title
Custom 404 Pro < 3.7.2 - Logs Deletion via CSRF
Published
2025-03-28
Title
Usermaven < 1.2.2 - Cross-Site Request Forgery