The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. This is due to missing or incorrect nonce validation on the Save function. This makes it possible for unauthenticated attackers to make changes to invoices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References
Configurations
History
07 Nov 2023, 04:19
Type | Values Removed | Values Added |
---|---|---|
CWE |
01 Sep 2023, 13:04
Type | Values Removed | Values Added |
---|---|---|
First Time |
Rednao
Rednao woocommerce Pdf Invoice Builder |
|
CPE | cpe:2.3:a:rednao:woocommerce_pdf_invoice_builder:*:*:*:*:*:wordpress:*:* | |
References | (MISC) https://plugins.trac.wordpress.org/changeset/2951617/woo-pdf-invoice-builder/trunk/woocommerce-pdf-invoice-ajax.php?old=2949518&old_path=woo-pdf-invoice-builder%2Ftrunk%2Fwoocommerce-pdf-invoice-ajax.php - Patch | |
References | (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/ebf2e701-9f9b-4a78-a61a-0cf90cdd9755?source=cve - Third Party Advisory | |
References | (MISC) https://plugins.trac.wordpress.org/browser/woo-pdf-invoice-builder/trunk/woocommerce-pdf-invoice-ajax.php?rev=2935371#L894 - Patch |
31 Aug 2023, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-31 06:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-3764
Mitre link : CVE-2023-3764
CVE.ORG link : CVE-2023-3764
JSON object : View
Products Affected
rednao
- woocommerce_pdf_invoice_builder
CWE
No CWE.