CVE-2024-22155Cross-Site Request Forgery in Woocommerce

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 54.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Automattic Woocommerce
Timeline
PublishedApr 7

Description

Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.5.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

CVEListV5automattic/woocommercen/a8.5.2

🔴Vulnerability Details

2
CVEList
WordPress WooCommerce plugin <= 8.5.2 - Cross Site Request Forgery (CSRF) vulnerability2024-04-07
GHSA
GHSA-cp28-995c-wj8q: Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce2024-04-07
CVE-2024-22155 — Cross-Site Request Forgery | cvebase