WordPress Plugin Vulnerabilities

Conditional Shipping for WooCommerce < 2.3.2 - Ruleset Toggle via CSRF

Description

The plugin does not have CSRF check when toggling ruleset, which could allow attackers to make logged in users with the manage_woocommerce capability perform such action via a CSRF attack

Affects Plugins

Plugin icon
conditional-shipping-for-woocommerce
Fixed in 2.3.2

References

CVE
CVE-2022-46815

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Cat
Verified
Yes
WPVDB ID
c373b43c-8746-4620-b908-2320e059ddaf

Timeline

Publicly Published
2023-01-27 (about 3 years ago)
Added
2023-02-02 (about 3 years ago)
Last Updated
2023-02-02 (about 3 years ago)

Other

Published
Title
Published
2025-12-31
Title
OpenHook <= 4.3.1 - Cross-Site Request Forgery
Published
2022-09-26
Title
Oceanwp Sticky Header <= 1.0.8 - CSRF
Published
2024-06-28
Title
NewsMash < 1.0.35 - Cross-Site Request Forgery to Notice Dismissal
Published
2025-09-19
Title
Custom Login And Signup Widget <= 1.0 - Cross-Site Request Forgery
Published
2024-12-12
Title
Category of Posts <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting