WooCommerce Google Sheet Connector < 1.3.6 - Access Code Update via CSRF
CVE-2023-2329
8.8HIGH
What is CVE-2023-2329?
The WooCommerce Google Sheet Connector plugin for WordPress, prior to version 1.3.6, is susceptible to cross-site request forgery (CSRF) attacks. This vulnerability enables an attacker to exploit the lack of CSRF checks when updating the Access Code. By persuading a logged-in administrator to perform an action without their consent, attackers could change the access code to an arbitrary value, potentially compromising security and access controls.
Affected Version(s)
WooCommerce Google Sheet Connector 0 < 1.3.6