- Login/Signup popup (inline form + Woocommerce) - versions 2.2 and below
- Side cart Woocommerce (Ajax) - versions 2.0 and below
- Waitlist Woocommerce (Back in stock notifier) - versions 2.5.1 and below
This vulnerability makes it possible for an attacker to update arbitrary site options on a vulnerable site, provided they can trick a site's administrator into performing an action, such as clicking on a link.
Cross-site request forgery occurs when an authenticated end-user is tricked by an attacker into submitting a specially crafted web request. CSRF can compromise the entire web application if the victim account is an administrator account.
- Taking full control over an authenticated end-user’s account.
- Taking control of the entire web application.
- Sensitive information exposure.
Update immediately to the latest patched version of each affected plugin:
- Version 2.3 for “Login/Signup Popup”.
- Version 2.5.2 for “Waitlist Woocommerce (Back in stock notifier)”.
- Version 2.1 for “Side Cart Woocommerce (Ajax)”.
(Versions at the time of this publication)
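To show how an options-saving handler becomes exposed to CSRF and which checks close the gap, here is an added example that is not code from the affected plugins: a hypothetical WordPress settings handler without request verification, beside a hardened version. The `example_` function names, option keys and nonce action are assumptions made for illustration; the WordPress functions called are core APIs.

```php
<?php
// Added illustration: hypothetical handlers, not code from the affected plugins.
// Every "example_" name and option key below is made up for this example.

// BEFORE: runs on any wp-admin request made while an administrator is logged in.
// The browser attaches the session cookie automatically, so a forged cross-site
// request looks the same as a real form submission, and the option name is
// taken straight from the request.
function example_save_settings_vulnerable() {
    if ( empty( $_POST['example_settings'] ) || ! is_array( $_POST['example_settings'] ) ) {
        return;
    }
    foreach ( wp_unslash( $_POST['example_settings'] ) as $name => $value ) {
        update_option( $name, $value ); // no nonce, no capability check, any option name
    }
}

// AFTER: three independent checks before anything is written.
function example_save_settings_hardened() {
    if ( empty( $_POST['example_settings'] ) || ! is_array( $_POST['example_settings'] ) ) {
        return;
    }
    // 1. Capability: only users allowed to manage options may save settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // 2. CSRF: the request must carry the nonce printed in the settings form.
    //    check_admin_referer() stops the request if it is missing or invalid.
    check_admin_referer( 'example_save_settings', 'example_nonce' );

    // 3. Allowlist: only this plugin's own options can be written.
    $allowed = array( 'example_popup_title', 'example_redirect_page' );
    foreach ( wp_unslash( $_POST['example_settings'] ) as $name => $value ) {
        if ( in_array( $name, $allowed, true ) && is_scalar( $value ) ) {
            update_option( $name, sanitize_text_field( (string) $value ) );
        }
    }
}
add_action( 'admin_init', 'example_save_settings_hardened' );

// Called inside the settings <form> to emit the matching hidden nonce field.
function example_render_nonce_field() {
    wp_nonce_field( 'example_save_settings', 'example_nonce' );
}
```

The nonce check is what defeats the forged request; the capability check and the option allowlist limit the damage if any single check is ever bypassed.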
The information provided herein is on an "as is" basis, without warranty of any kind.