WordPress Custom My Account for Woocommerce Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-46634

7.1HIGH

Key Information:

Vendor

WordPress
Status
Custom My Account For WooCommerce
Vendor
CVE Published:
13 November 2023

What is CVE-2023-46634?

A Cross-Site Request Forgery (CSRF) vulnerability in the Custom My Account for WooCommerce plugin developed by phoeniixx enables attackers to potentially execute Cross-Site Scripting (XSS) attacks. This vulnerability impacts versions up to 2.1, allowing unauthorized commands to be sent by masquerading as authenticated users, leading to potential exploitation and data compromise.

Affected Version(s)

Custom My Account for Woocommerce <= 2.1

References

https://patchstack.com/database/vulnerability/custom-my-a...
vdb-entry

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

qilin_99 (Patchstack Alliance)
.