WordPress Woocommerce Support System plugin <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2023-41686
6.5MEDIUM
Key Information:
- Vendor
- WordPress
- Vendor
- CVE Published:
- 13 December 2024
Summary
A Cross-Site Request Forgery (CSRF) vulnerability exists in the ilGhera Woocommerce Support System. This flaw enables malicious actors to perform unauthorized actions on behalf of authenticated users without their consent. The issue affects various versions of Woocommerce Support System, notably from n/a up to 1.2.2, which may expose users to manipulation and exploitation. Users and administrators are advised to review their installations and apply necessary security measures to mitigate the risks associated with this vulnerability.
Affected Version(s)
Woocommerce Support System <= 1.2.2
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Mika (Patchstack Alliance)