Instantio – WooCommerce Quick Checkout | Instant Checkout, Side Cart & Popup Cart, 6646083b6e5336625de5d634435ea4e0ab434700

CVE, Research URL: 6646083b6e5336625de5d634435ea4e0ab434700
Home page URL: Security reports for Instantio – WooCommerce Quick Checkout | Instant Checkout, Side Cart & Popup Cart
Application: Instantio – WooCommerce Quick Checkout | Instant Checkout, Side Cart & Popup Cart
Published on: Jun 30, 2021
Research Description: Instantio – WooCommerce Quick Checkout | Direct Checkout, Floating Cart, Side Cart & Popup Cart [instantio] < 1.2.6 Instantio – WooCommerce Quick Checkout | Instant Checkout, Side Cart & Popup Cart <= 1.2.5 - Cross Site Request Forgery The Instantio – WooCommerce Quick Checkout | Instant Checkout, Side Cart & Popup Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the instantio_lite_ajax_quickview_variable_products function. This makes it possible for unauthenticated attackers to add products to a cart via a forged request granted they can trick a site user into performing an action such as clicking on a link.
Affected versions: Min -, max 1.2.6.
Status: vulnerable

Instantio &#8211; WooCommerce Quick Checkout | Instant Checkout, Side Cart &amp; Popup Cart, 6646083b6e5336625de5d634435ea4e0ab434700