WordPress Plugin Vulnerabilities

Customer Reviews for WooCommerce < 5.3.6 - Cross-Site Request Forgery

Description

The plugin does not have CSRF check in some places, which could allow attackers to make logged in users perform unwanted actions

Affects Plugins

Plugin icon
customer-reviews-woocommerce
Fixed in 5.3.6

References

CVE
CVE-2022-38470

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
873ca823-186c-497a-b442-317656402975

Timeline

Publicly Published
2022-09-22 (about 3 years ago)
Added
2022-09-25 (about 3 years ago)
Last Updated
2022-09-25 (about 3 years ago)

Other

Published
Title
Published
2024-08-22
Title
Visual Sound <= 1.03 - Settings Update via CSRF
Published
2011-03-17
Title
WP Recaptcha < 3.0 - Multiple CSRF
Published
2025-07-14
Title
Restrict File Access <= 1.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion
Published
2024-11-13
Title
WP Popup Window Maker <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-09-25
Title
BEAR for WordPress < 1.1.4 - Arbitrary Settings Update via CSRF