Custom Order Status for WooCommerce, 5b81231b16ae35c03126c0169ca380dbb8ea1e71

CVE, Research URL: 5b81231b16ae35c03126c0169ca380dbb8ea1e71
Home page URL: Security reports for Custom Order Status for WooCommerce
Application: Custom Order Status for WooCommerce
Published on: Jan 30, 2024
Research Description: Custom Order Status for WooCommerce [custom-order-statuses-woocommerce] < 2.4.0 Custom Order Status for WooCommerce <= 2.3.0 - Cross-Site Request Forgery The Custom Order Status for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 2.4.0.
Status: vulnerable