WordPress Conditional Shipping for WooCommerce Plugin <= 2.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2022-46815

8.8HIGH

Key Information:

Vendor: WordPress
Status: Conditional Shipping for WooCommerce
Vendor: CVE Published:; 2 February 2023

What is CVE-2022-46815?

This vulnerability presents a Cross-Site Request Forgery (CSRF) risk in the WP Trio Conditional Shipping for WooCommerce plugin versions 2.3.1 and earlier. Attackers can exploit this flaw to execute unauthorized actions on behalf of users without their consent. The lack of proper CSRF protections can lead to significant disruption and unauthorized changes, placing user data and site integrity at risk. Users of affected versions are advised to implement available patches to mitigate this security threat.

Affected Version(s)

Conditional Shipping for WooCommerce <= 2.3.1

References

https://patchstack.com/database/vulnerability/conditional...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 2, 2023
Vulnerability Reserved
Dec 8, 2022

Credit

Cat (Patchstack Alliance)