WordPress Plugin Vulnerabilities

MWB Point of Sale (POS) for WooCommerce < 1.0.1 - CSRF Bypass / Unauthorised AJAX Call

Description

The plugin has a logic flaw in the CSRF checks, allowing them to be passed by not providing the related nonce parameter in the request. This could allow attacker to make logged in users do unwanted actions.

v1.0.1 fixed the Bypass, however actions are still missing capability checks

Affects Plugins

Plugin icon
mwb-point-of-sale-pos-for-woocommerce
Fixed in 1.0.1

References

URL
https://plugins.trac.wordpress.org/changeset/2580773/mwb-point-of-sale-pos-for-woocommerce/trunk/admin/class-pos-for-woocommerce-admin.php
URL
https://plugins.trac.wordpress.org/changeset/2580773/mwb-point-of-sale-pos-for-woocommerce/trunk/public/class-pos-for-woocommerce-public.php

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
fe9d8384-b35a-4e92-bf43-e92584d4b5d2

Timeline

Publicly Published
2021-08-10 (about 4 years ago)
Added
2021-08-23 (about 4 years ago)
Last Updated
2021-08-23 (about 4 years ago)

Other

Published
Title
Published
2020-09-16
Title
Custom Field Template < 2.5.2 - Cross-Site Request Forgery
Published
2023-10-03
Title
Sp*tify Play Button for WordPress < 2.11 - Settings Update via CSRF
Published
2025-02-11
Title
Book a Room <= 2.9 - Cross-Site Request Forgery to Settings Update
Published
2024-04-24
Title
CM Tooltip Glossary < 4.3.0 - Settings Update via CSRF
Published
2014-12-14
Title
Spnbabble <= 1.4.1 - Multiple CSRF