WordPress Custom Order Numbers for WooCommerce Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2022-45367

8.8HIGH

Key Information:

Vendor: WordPress
Status: Custom Order Numbers for WooCommerce
Vendor: CVE Published:; 25 May 2023

Summary

Tyche Software's Custom Order Numbers for WooCommerce plugin versions 1.4.0 and earlier are susceptible to Cross-Site Request Forgery (CSRF) attacks. This vulnerability allows an attacker to trick a logged-in user into executing unwanted actions on their behalf, potentially compromising the integrity of orders and user data. It's crucial to upgrade to the latest version to mitigate these security risks.

Affected Version(s)

Custom Order Numbers for WooCommerce <= 1.4.0

References

https://patchstack.com/database/vulnerability/custom-orde...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 25, 2023
Vulnerability Reserved
Nov 14, 2022

Credit

Muhammad Daffa (Patchstack Alliance)