WordPress Plugin Vulnerabilities

Personalized WooCommerce Cart Page <= 2.4 - Cross-Site Request Forgery (CSRF)

Description

The WooHero WooCommerce Store Customizer WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

Plugin icon
personalize-woocommerce-cart-page
Fixed in 2.5

References

CVE
CVE-2019-5979
URL
https://jvn.jp/en/jp/JVN88804335/index.html
URL
https://plugins.trac.wordpress.org/changeset/2099595/personalize-woocommerce-cart-page

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Akira Yamasaki of Cryptography Laboratory
Submitter
Ryan Dewhurst
Submitter website
https://wpscan.io
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
d6b6789e-4b79-4b63-8497-0dba28ba72ce

Timeline

Publicly Published
2019-06-19 (about 6 years ago)
Added
2019-07-09 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2022-09-01
Title
Captcha Code < 2.8 - Settings Update via CSRF
Published
2021-06-30
Title
Instantio < 1.2.6 - CSRF Bypass
Published
2023-02-02
Title
Multi Rating < 5.0.6 - Ratings Deletion via CSRF
Published
2023-11-12
Title
ShiftController Employee Shift Scheduling < 4.9.24 - CSRF
Published
2022-05-31
Title
Tiny Contact Form <= 0.7 - Arbitrary Settings Update via CSRF