WordPress Plugin Vulnerabilities

First Order Discount Woocommerce < 1.22 - Discount Update via CSRF

Description

The plugin does not have CSRF check in its fodw_save_discount() function, which could allow attackers to make logged in admins update discounts via a CSRF attack

Affects Plugins

Plugin icon
first-order-discount-woocommerce
Fixed in 1.22

References

CVE
CVE-2023-49843
URL
https://patchstack.com/database/vulnerability/first-order-discount-woocommerce/wordpress-first-order-discount-woocommerce-plugin-1-21-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Nguyen Xuan Chien
Verified
No
WPVDB ID
f7c16617-2149-4c23-abed-497a5cfccfe1

Timeline

Publicly Published
2023-12-06 (about 2 years ago)
Added
2023-12-10 (about 2 years ago)
Last Updated
2024-02-12 (about 2 years ago)

Other

Published
Title
Published
2026-01-13
Title
Sosh Share Buttons <= 1.1.0 - Cross-Site Request Forgery
Published
2023-11-14
Title
Hreflang Manager < 1.07 - Cross-Site Request Forgery
Published
2025-01-07
Title
Uptime Robot <= 0.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-01-24
Title
Roi Calculator < 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-07-03
Title
Trust Payments Gateway for WooCommerce (JavaScript Library) < 1.3.7 - Cross-Site Request Forgery