CSRF Vulnerability in Custom Order Statuses for WooCommerce
CVE-2024-25930

8.8HIGH

Key Information:

Vendor: WordPress
Status: Custom Order Statuses For WooCommerce
Vendor: CVE Published:; 29 February 2024

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Nuggethon Custom Order Statuses plugin for WooCommerce, affecting versions from n/a up to 1.5.2. This vulnerability enables attackers to execute unauthorized actions on behalf of the user without their consent, potentially leading to data manipulation or unauthorized transaction processing.

Affected Version(s)

Custom Order Statuses for WooCommerce <= 1.5.2

References

https://patchstack.com/database/vulnerability/custom-orde...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 29, 2024
Vulnerability Reserved
Feb 12, 2024

Credit

Skalucy (Patchstack Alliance)