Vulnerabilities and security researches forcustom-order-statuses-woocommerce custom-order-statuses-woocommerce

Jun 07, 2024

CVE, Research URL: 5b81231b16ae35c03126c0169ca380dbb8ea1e71
Home page URL: Security reports for Custom Order Status for WooCommerce
Application: Custom Order Status for WooCommerce
Date: Jan 30, 2024
Research Description: Custom Order Status for WooCommerce [custom-order-statuses-woocommerce] < 2.4.0 Custom Order Status for WooCommerce <= 2.3.0 - Cross-Site Request Forgery The Custom Order Status for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 2.4.0.
Status: vulnerable