You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
The Custom Order Numbers for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Describe the bug
The Custom Order Numbers for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Within the Wordfence Scan Wordfence said:
The Plugin "Custom Order Numbers for WooCommerce" has a security vulnerability.
Vulnerability Information: https://www.wordfence.com/threat-intel/vulnerabilities/id/7d19800a-bff3-414f-a809-0159f49d263a?source=plugin
Additional context
https://wordpress.org/support/plugin/custom-order-numbers-for-woocommerce/
The text was updated successfully, but these errors were encountered: