Cross-Site Request Forgery Vulnerability in WooCommerce Plugin
CVE-2024-2395
4.3MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 12 March 2024
What is CVE-2024-2395?
The Bulgarisation for WooCommerce plugin for WordPress is susceptible to Cross-Site Request Forgery due to the lack of appropriate nonce validation across multiple functions. This vulnerability can be exploited by unauthenticated attackers who can potentially trick site administrators into executing unintended actions, such as generating or deleting labels, through malicious links.
Affected Version(s)
Bulgarisation for WooCommerce * <= 3.0.14