WordPress Plugin Vulnerabilities

Booster for WooCommerce < 5.6.7 - Settings Reset via CSRF

Description

The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack

Affects Plugins

Plugin icon
woocommerce-jetpack
Fixed in 5.6.7

References

CVE
CVE-2022-41805

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
d6c21a5a-a7ce-4914-9b69-72780dba4225

Timeline

Publicly Published
2022-10-28 (about 3 years ago)
Added
2022-11-20 (about 3 years ago)
Last Updated
2022-11-20 (about 3 years ago)

Other

Published
Title
Published
2022-06-20
Title
WP Maintenance Mode & Coming Soon < 2.4.5 - Subscribed Users Deletion via CSRF
Published
2023-04-19
Title
Gallery Metabox <= 1.5 - Gallery Removal via CSRF
Published
2024-03-15
Title
Builder for WooCommerce reviews shortcodes – ReviewShort < 1.01.4 - Cross-Site Request Forgery
Published
2014-08-01
Title
Dimension - CSRF
Published
2024-12-11
Title
HQ Rental Software <= 1.5.29 - Cross-Site Request Forgery to Arbitrary Options Update