WordPress Plugin Vulnerabilities

WooCommerce Product Attachment < 2.2.0 - Checkout Attachements Update via CSRF

Description

The plugin does not have CSRF check when saving checkout attachements, which could allow attackers to make logged in users perform such action via a CSRF attack

Affects Plugins

Plugin icon
woo-product-attachment
Fixed in 2.2.0

References

CVE
CVE-2023-40212

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
9a3c9708-b302-4b3e-808c-4713d7a7b4e0

Timeline

Publicly Published
2023-08-11 (about 2 years ago)
Added
2023-10-10 (about 2 years ago)
Last Updated
2023-10-10 (about 2 years ago)

Other

Published
Title
Published
2024-01-31
Title
Debug < 1.11 - CSRF
Published
2024-03-28
Title
Pocket News Generator <= 0.2.0 - Cross-Site Request Forgery to Settings Update
Published
2021-11-15
Title
WP Limits <= 1.0 - Plugin's Settings Update via CSRF
Published
2023-01-27
Title
Conditional Shipping for WooCommerce < 2.3.2 - Ruleset Toggle via CSRF
Published
2026-02-14
Title
Blackfyre <= 2.5.4 - Cross-Site Request Forgery