WordPress WPC Smart Wishlist for WooCommerce Plugin <= 4.7.1 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-34386

8.8HIGH

Key Information:

Vendor: WordPress
Status: WPc Smart Wishlist For WooCommerce
Vendor: CVE Published:; 9 November 2023

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in versions up to 4.7.1 of the WPC Smart Wishlist for WooCommerce plugin by WPClever. This security flaw could allow an attacker to perform actions on behalf of a logged-in user without their consent, leading to unauthorized changes or data exposure. It is essential for users of this plugin to apply updates and implement security measures to protect their WooCommerce sites from potential attacks.

Affected Version(s)

WPC Smart Wishlist for WooCommerce <= 4.7.1

References

https://patchstack.com/database/vulnerability/woo-smart-w...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 9, 2023
Vulnerability Reserved
Jun 2, 2023

Credit

Lana Codes (Patchstack Alliance)