eCommerce Product Catalog < 3.0.18 - CSRF Nonce Bypass

Description

The plugin did not properly check the CSRF nonce in the ic_orders.save() function, which could allow attackers to make a logged in user with the edit_digital_order capability save arbitrary digital orders.

Affects Plugins

ecommerce-product-catalog

Fixed in version 3.0.18✓

References

URL

https://plugins.trac.wordpress.org/changeset/2473569

URL

https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

Miscellaneous

Original Researcher

Jerome Bruandet (nintechnet.com)

Submitter

WPScanTeam

Verified

Yes

WPVDB ID

f630687a-1d4e-4258-81b5-33c51ef5a999

Timeline

Publicly Published

2021-02-17 (about 2 months ago)

Added

2021-02-17 (about 2 months ago)

Last Updated

2021-03-05 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin