WordPress Plugin Vulnerabilities

Food Store < 1.3.7 - Unauthorised AJAX call via CSRF

Description

The plugin did not properly check for CSRF in its AJAX actions, allowing attackers to make users perform unwanted actions via a CSRF attack, such as add product add-on (for users with the edit_products capability), as well as add/remove arbitrary products to the basket of the targeted user

Affects Plugins

Plugin icon
food-store
Fixed in 1.3.7

References

URL
https://plugins.trac.wordpress.org/changeset/2503672/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
fd6b4c8c-36a8-4e25-8f73-d311ba52e73c

Timeline

Publicly Published
2021-06-30 (about 4 years ago)
Added
2021-06-30 (about 4 years ago)
Last Updated
2021-06-30 (about 4 years ago)

Other

Published
Title
Published
2025-07-03
Title
Radio Station < 2.5.13 - Cross-Site Request Forgery
Published
2024-03-13
Title
WooCommerce Cart Abandonment Recovery < 1.2.27 - Templates/Abandoned Orders Deletion via CSRF
Published
2025-03-27
Title
publish post email notification < 1.0.2.4 - Cross-Site Request Forgery
Published
2023-01-02
Title
Booster for WooCommerce - Multiple CSRF
Published
2025-12-06
Title
Auto Alt Text < 2.5.3 - Cross-Site Request Forgery