WordPress Custom Order Numbers for WooCommerce Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2022-45367
8.8HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 25 May 2023
What is CVE-2022-45367?
Tyche Software's Custom Order Numbers for WooCommerce plugin versions 1.4.0 and earlier are susceptible to Cross-Site Request Forgery (CSRF) attacks. This vulnerability allows an attacker to trick a logged-in user into executing unwanted actions on their behalf, potentially compromising the integrity of orders and user data. It's crucial to upgrade to the latest version to mitigate these security risks.
Affected Version(s)
Custom Order Numbers for WooCommerce <= 1.4.0