Remove Add to Cart WooCommerce < 1.4.5 – Settings Update via CSRF | CVE 2023-46629

Affects Plugins

Fixed in 1.4.5

References

CVE

CVE-2023-46629

URL

https://patchstack.com/database/vulnerability/remove-add-to-cart-woocommerce/wordpress-remove-add-to-cart-woocommerce-plugin-1-4-4-cross-site-request-forgery-csrf-vulnerability

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

qilin_99

Verified

No

WPVDB ID

2ec1340e-3880-4cc0-95b9-3a22925f01c9

Timeline

Publicly Published

2023-10-25 (about 2 years ago)

Added

2023-11-23 (about 2 years ago)

Last Updated

2024-03-14 (about 2 years ago)

Other

Published

Title

Published

2025-09-05

Title

Enable Latex <= 1.2.16 - Cross-Site Request Forgery

Published

2023-11-02

Title

WP Google My Business Auto Publish < 3.8 - Multiple CSRF

Published

2024-07-08

Title

Advanced AJAX Page Loader <= 2.7.7 - Cross-Site Request Forgery to Arbitrary File Upload

Published

2024-08-05

Title

Shield Security < 20.0.6 - Reflected XSS

Published

2021-08-23

Title

Comment Link Remove and Other Comment Tools < 2.1.6 - Arbitrary Comment Deletion via CSRF