WordPress Plugin Vulnerabilities

WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF

Description

The plugin has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack

Proof of Concept

Make a logged in admin open the URL below (42 being a pre-order to be canceled)

https://example.com/wp-admin/admin.php?page=wc_pre_orders&action=cancel_pre_order&order_id=42

Affects Plugins

Plugin icon
woocommerce-pre-orders
Fixed in 2.0.3

References

CVE
CVE-2023-3507

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Erwan LR (WPScan)
Verified
Yes
WPVDB ID
e72bbe9b-e51d-40ab-820d-404e0cb86ee6

Timeline

Publicly Published
2023-07-10 (about 10 months ago)
Added
2023-07-10 (about 10 months ago)
Last Updated
2023-07-10 (about 10 months ago)

Other

Published
Title
Published
2024-02-26
Title
Comments Extra Fields For Post,Pages and CPT < 5.1 - Cross-Site Request Forgery
Published
2023-11-09
Title
TPG Redirect < 1.0.8 - CSRF
Published
2023-11-30
Title
Quotes for WooCommerce < 2.0.2 - Quote Status Update / Quote Sending via CSRF
Published
2023-11-13
Title
Multi Step Form < 1.7.13 - Form Update/Deletion via CSRF
Published
2024-04-05
Title
Easy Google Maps < 1.11.12 - Cross-Site Request Forgery