WordPress Plugin Vulnerabilities

Advanced Dynamic Pricing for WooCommerce < 4.1.6 - Rule Type Migration via CSRF

Description

The plugin does not have CSRF check when migrating rule types, which could allow attackers to make logged in admin perform such action via a CSRF attack

Affects Plugins

Plugin icon
advanced-dynamic-pricing-for-woocommerce
Fixed in 4.1.6

References

CVE
CVE-2022-43488

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
eb43a2d9-0fff-4acf-a262-dd7fc3b3910d

Timeline

Publicly Published
2022-10-30 (about 3 years ago)
Added
2022-11-09 (about 3 years ago)
Last Updated
2022-11-09 (about 3 years ago)

Other

Published
Title
Published
2023-03-22
Title
Thank You Page Customizer for WooCommerce – Increase Your Sales < 1.0.14 - CSRF
Published
2022-03-28
Title
Easy Digital Downloads < 2.11.6 - Arbitrary Payment Note Insertion via CSRF
Published
2023-10-26
Title
EasyRecipe <= 3.5.3251 - Cross-Site Request Forgery
Published
2025-03-11
Title
Login Logger <= 1.2.1 - Cross-Site Request Forgery
Published
2023-10-16
Title
Responsive Image Gallery, Gallery Album <= 2.0.3 - Arbitrary Settings Update via CSRF