WordPress Plugin Vulnerabilities

WooCommerce Order Barcodes < 1.6.5 - Cross-Site Request Forgery

Description

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions.

Affects Plugins

Plugin icon
woocommerce-order-barcodes
Fixed in 1.6.5

References

CVE
CVE-2023-36511

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
5ef99852-6888-4f96-b38f-cc1804efd4e5

Timeline

Publicly Published
2023-07-17 (about 2 years ago)
Added
2023-07-17 (about 2 years ago)
Last Updated
2023-07-17 (about 2 years ago)

Other

Published
Title
Published
2025-10-02
Title
ContentMX Content Publisher < 1.0.7 - Cross-Site Request Forgery
Published
2025-07-18
Title
Avishi WP PayPal Payment Button <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2021-04-12
Title
WP Login Security and History <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)
Published
2025-04-09
Title
Advanced Tag Lists <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2021-06-08
Title
Multiple Roles < 1.3.2 - Cross-Site Request Forgery