Vulnerabilities and security researches forpersonalize-woocommerce-cart-page personalize-woocommerce-cart-page

Jun 07, 2024

CVE, Research URL: CVE-2019-5979
Home page URL: Security reports for GoHero Store Customizer for WooCommerce
Application: GoHero Store Customizer for WooCommerce
Date: Jul 05, 2019
Research Description: Cross-site request forgery (CSRF) vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Affected versions: max 2.5.
Status: vulnerable

Jan 27, 2025

CVE, Research URL: CVE-2024-12826
Home page URL: Security reports for GoHero Store Customizer for WooCommerce
Application: GoHero Store Customizer for WooCommerce
Date: Jan 25, 2025
Research Description: The GoHero Store Customizer for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wooh_action_settings_save_frontend() function in all versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to update limited plugin settings.
Affected versions: max 3.5.
Status: vulnerable