Cross-Site Request Forgery Vulnerability in Woocommerce Shipping Plugin by WordPress
CVE-2024-12218

6.1 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 9 January 2025

Summary

The Woocommerce Check Pincode/Zipcode for Shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 2.0.4. The cause is insufficient or improper nonce validation. An unauthenticated attacker who deceives a site administrator into performing an action can inject web scripts through a forged request, potentially compromising the integrity and security of the website.

Affected Version(s)

Woocommerce check pincode/zipcode for shipping * <= 2.0.4

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Colin Xu