WordPress Plugin Vulnerabilities

BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter <= 1.49.3 - Cross-Site Request Forgery

Description

The BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.49.3. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Affects Plugins

Plugin icon
bc-menu-cart-woo
No known fix

References

CVE
CVE-2023-49855
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/fc626bdb-e962-407c-95c3-3f9e28dc5876

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Skalucy
Verified
No
WPVDB ID
613909ad-9c57-4fad-ae9d-dc43c66f2202

Timeline

Publicly Published
2023-12-07 (about 2 years ago)
Added
2023-12-10 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2025-02-13
Title
Glance That <= 4.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2024-12-11
Title
Avada < 7.11.11 - Cross-Site Request Forgery
Published
2025-01-16
Title
MemeOne <= 2.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-10-07
Title
Awesome Testimonials <= 2.2.1 - Cross-Site Request Forgery
Published
2024-05-31
Title
WP Logs Book <= 1.0.1 - Log Clearing via CSRF