Cross-Site Request Forgery Vulnerability in WooCommerce by Automattic
CVE-2019-20891
8.8HIGH
What is CVE-2019-20891?
The vulnerability present in WooCommerce before version 3.6.5 allows an attacker to exploit cross-site request forgery (CSRF) issues during the handling of CSV imports for products. This vulnerability could be leveraged to achieve stored cross-site scripting (XSS) via the product import functionality. By persuading an authenticated user to import a manipulated CSV file, an attacker can inject malicious scripts into the application, potentially affecting all users who view the imported products.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved