WordPress Plugin Vulnerabilities

eCommerce Product Catalog < 3.0.18 - CSRF Nonce Bypass

Description

The plugin did not properly check the CSRF nonce in the ic_orders.save() function, which could allow attackers to make a logged in user with the edit_digital_order capability save arbitrary digital orders.

Affects Plugins

Plugin icon
ecommerce-product-catalog
Fixed in 3.0.18

References

URL
https://plugins.trac.wordpress.org/changeset/2473569
URL
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Jerome Bruandet (nintechnet.com)
Submitter
WPScanTeam
Verified
Yes
WPVDB ID
f630687a-1d4e-4258-81b5-33c51ef5a999

Timeline

Publicly Published
2021-02-17 (about 4 years ago)
Added
2021-02-17 (about 4 years ago)
Last Updated
2021-03-05 (about 4 years ago)

Other

Published
Title
Published
2023-11-14
Title
Wordpress File Upload < 4.24.1 - Cross-Site Request Forgery
Published
2025-07-16
Title
Coupon Affiliates < 6.4.1 - Cross-Site Request Forgery
Published
2021-07-12
Title
Advanced Menu Manager < 3.0 - Unauthorised Menu Edition via CSRF
Published
2020-04-02
Title
Woocommerce Subscriptions < 3.0.3 - CSRF to Cancel/Re-Activate Subscription
Published
2024-08-05
Title
Shield Security < 20.0.6 - Reflected XSS