Popup Cart Lite for WooCommerce <= 1.1 – Cross-Site Request Forgery | CVE 2024-31100 | Plugin Vulnerabilities

Description

The Popup Cart Lite for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing or incorrect nonce validation an unknown function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Affects Plugins

woocommerce-woocart-popup-lite

No known fix

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/05cac571-6689-4a69-b600-3cfeaa1d3c47

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Skalucy

Verified

No

WPVDB ID

d61d1210-77c2-43b5-b85e-49da71914ac3

Timeline

Publicly Published

2024-03-29 (about 2 years ago)

Added

2024-04-03 (about 2 years ago)

Last Updated

2024-04-03 (about 2 years ago)

Other

Published

Title

Published

2025-11-29

Title

Duplicate Content Cure <= 1.0 - Cross-Site Request Forgery

Published

2022-10-17

Title

WP < 6.0.3 - Stored XSS via the Customizer

Published

2014-08-01

Title

All in one webmaster 8.2.3 - Script Insertion CSRF

Published

2025-09-26

Title

Lenix scss compiler <= 1.2 - Cross-Site Request Forgery

Published

2025-03-24

Title

AdSense Privacy Policy <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting