WooCommerce Product Filter < 1.4.4 – Filter Deletion via CSRF | CVE 2024-2262 | Plugin Vulnerabilities

Description

The plugin does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs

Proof of Concept

Make a logged in admin open the URL below to make them delete the filter with the slug test1:

https://example.com/wp-admin/admin.php?page=wpf_search&action=delete&paged=1&wpf_post[]=test1&action2=delete

Affects Plugins

themify-wc-product-filter

Fixed in 1.4.4

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

Miscellaneous

Original Researcher

Erwan LR (WPScan)

Submitter

Erwan LR (WPScan)

Verified

Yes

WPVDB ID

30544377-b90d-4762-b38a-ec89bda0dfdc

Timeline

Publicly Published

2024-03-11 (about 2 months ago)

Added

2024-03-11 (about 2 months ago)

Last Updated

2024-03-11 (about 2 months ago)

Other

Published

Title

Published

2022-11-23

Title

Popup Anything < 2.2.2 - Popup Settings Reset via CSRF

Published

2021-11-15

Title

WP Admin Logo Changer <= 1.0 - Plugin's Settings Update via CSRF

Published

2024-03-25

Title

Smart Forms < 2.6.94 - Edit Entries via CSRF

Published

2022-07-18

Title

Easy Username Updater < 1.0.5 - Arbitrary Username Update via CSRF

Published

2022-06-01

Title

Add Post URL <= 2.1.0 - Arbitrary Settings Update to Stored XSS via CSRF