The Plugin "Custom Order Numbers for WooCommerce" has a security vulnerability. #93

Closed
Chetna1510 opened this issue Apr 18, 2023 · 0 comments
@Chetna1510

Describe the bug
The Custom Order Numbers for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

Within the Wordfence Scan Wordfence said:
The Plugin "Custom Order Numbers for WooCommerce" has a security vulnerability.
Vulnerability Information: https://www.wordfence.com/threat-intel/vulnerabilities/id/7d19800a-bff3-414f-a809-0159f49d263a?source=plugin

Additional context
https://wordpress.org/support/plugin/custom-order-numbers-for-woocommerce/

@Chetna1510 Chetna1510 added the type: bug Something isn't working label Apr 18, 2023
@Chetna1510 Chetna1510 added this to the Future Milestone milestone Apr 18, 2023
@Chetna1510 Chetna1510 added the client issue Client Issue label Apr 18, 2023
@apeksha10 apeksha10 added the type: fixed Fixed label Apr 20, 2023
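
The bug class the report describes (a state-changing admin request handled without nonce validation) next to the standard WordPress fix, as an added example that is not the plugin's own code. The `example_con_*` names, the option name and the settings-page slug are hypothetical, and `manage_woocommerce` is assumed to be the right capability for the action.

```php
<?php
/**
 * Added example: nonce-protected admin action in a WordPress plugin.
 * Every example_con_* identifier, the option name and the page slug
 * are hypothetical and do not come from the plugin in this issue.
 */
const EXAMPLE_CON_ACTION = 'example_con_reset_counter';
const EXAMPLE_CON_NONCE  = 'example_con_nonce';

// Settings form. wp_nonce_field() emits a hidden field whose value is
// bound to the action name and to the logged-in user's session.
function example_con_render_form() {
	?>
	<form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
		<input type="hidden" name="action" value="<?php echo esc_attr( EXAMPLE_CON_ACTION ); ?>">
		<?php wp_nonce_field( EXAMPLE_CON_ACTION, EXAMPLE_CON_NONCE ); ?>
		<input type="number" name="counter" min="1" value="1">
		<?php submit_button( 'Reset counter' ); ?>
	</form>
	<?php
}

// Before: the state change runs for any request that arrives with the
// administrator's cookies, because nothing proves the request came
// from the form above.
function example_con_handle_unprotected() {
	update_option( 'example_con_counter', absint( $_POST['counter'] ?? 1 ) );
}

// After: authorization first, then proof of intent, then the change.
function example_con_handle_protected() {
	// A nonce is not an authorization check, so test the capability too.
	if ( ! current_user_can( 'manage_woocommerce' ) ) {
		wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
	}
	// Stops the request if the nonce is missing, expired or was issued
	// for a different action or user.
	check_admin_referer( EXAMPLE_CON_ACTION, EXAMPLE_CON_NONCE );

	$counter = isset( $_POST['counter'] ) ? absint( wp_unslash( $_POST['counter'] ) ) : 1;
	update_option( 'example_con_counter', max( 1, $counter ) );

	wp_safe_redirect( admin_url( 'admin.php?page=example-con-settings' ) );
	exit;
}
add_action( 'admin_post_' . EXAMPLE_CON_ACTION, 'example_con_handle_protected' );
```

When reviewing a plugin for this class of issue, check every `admin_post_*`, `wp_ajax_*` and `admin_init` callback that writes data for a nonce verification tied to a specific action name.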
4 participants
@Chetna1510 @kartikparmar @apeksha10 and others