Cross-Site Request Forgery Vulnerability in WP-OliveCart and WP-OliveCartPro
CVE-2016-4904

8.8HIGH

Key Information:

Vendor
WordPress
Status
WP-olivecart
WP-olivecartpro
Vendor
CVE Published:
22 May 2017

Summary

A cross-site request forgery (CSRF) vulnerability exists in WP-OliveCart and WP-OliveCartPro that enables remote attackers to exploit user authentication. This can result in unauthorized actions being performed on behalf of the user without their consent, potentially compromising sensitive data. The affected versions include WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8, necessitating timely updates to mitigate the risks of exploitation.

Affected Version(s)

WP-OliveCart versions prior to 3.1.3

WP-OliveCartPro versions prior to 3.1.8

References

http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000209.html
third-party-advisoryx_refsource_JVNDB
http://www.wp-olivecart.com/news/20160925.html
x_refsource_CONFIRM
http://www.securityfocus.com/bid/93790
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.