Vulnerabilities and security researches forwoocommerce-product-sort-and-display woocommerce-product-sort-and-display

Jun 06, 2024

CVE, Research URL: CVE-2024-1807
Home page URL: Security reports for Product Sort and Display for WooCommerce
Application: Product Sort and Display for WooCommerce
Date: Apr 02, 2024
Research Description: The Product Sort and Display for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the psad_update_product_cat_custom_meta_ajax function in all versions up to, and including, 2.4.1. This makes it possible for unauthenticated attackers to hide product categories.
Affected versions: max 2.4.2.
Status: vulnerable

CVE, Research URL: d1b0f784da3ca0f399c542515fda1423816819f0
Home page URL: Security reports for Product Sort and Display for WooCommerce
Application: Product Sort and Display for WooCommerce
Date: Nov 02, 2022
Research Description: Product Sort and Display for WooCommerce [woocommerce-product-sort-and-display] < 2.2.3 a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset The following plugins for WordPress are vulnerable to Cross-Site Request Forgery: a3 Lazy Load (<= 2.6.0), Contact Us Page – Contact People (<= 3.6.1), a3 Portfolio (<= 3.0.1), Dynamic Product Gallery for WooCommerce (3.0.1), a3 Responsive Slider (<= 2.2.0), Compare Products for WooCommerce (<= 2.8.2), Products Quick View for WooCommerce (<= 2.0.1), Product Sort and Display for WooCommerce (<= 2.2.2), Product Widget Slider for WooCommerce (), WP Email Template (<= 2.6.2). This is due to missing nonce validation on the reset_settings() function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 2.2.3.
Status: vulnerable