WordPress Plugin Vulnerabilities
Event Manager for WooCommerce < 3.7.8 - Cross-Site Request Forgery (CSRF)
Description
The plugin does not protect its uninstall_reason_submission action against CSRF attacks, allowing an unauthenticated attacker to trick a logged in admin to submit a deactivate reason by submitting a crafted request.
Affects Plugins
References
CVE
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Lana Codes
Verified
No
WPVDB ID
Timeline
Publicly Published
2023-03-16 (about 1 years ago)
Added
2023-05-29 (about 11 months ago)
Last Updated
2023-05-29 (about 11 months ago)