Cross-Site Request Forgery Vulnerability in Woocommerce Shipping Plugin by WordPress
CVE-2024-12218
6.1 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 9 January 2025
Summary
The Woocommerce Check Pincode/Zipcode for Shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 2.0.4. The vulnerability arises from insufficient or improper nonce validation. An unauthenticated attacker who deceives a site administrator into performing an action can use a forged request to inject harmful web scripts, potentially compromising the integrity and security of the website.
Affected Version(s)
Woocommerce check pincode/zipcode for shipping * <= 2.0.4
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Colin Xu