Facebook for WooCommerce <= 1.9.12 - CSRF allowing Option Update



Description
The original issue was fixed in 1.9.14.

However, because additional CSRF checks were implemented in 1.9.15, the "fixed in" version has been set to 1.9.15.

Affects Plugin

fixed in version 1.9.15

References

URL https://www.zdnet.com/article/disgruntled-security-firm-discloses-zero-days-in-facebooks-wordpress-plugins/
URL https://plugins.trac.wordpress.org/changeset?reponame=&new=2109894%40facebook-for-woocommerce&old=2102444%40facebook-for-woocommerce

Classification

Type CSRF
OWASP Top 10 A8: Cross-Site Request Forgery (CSRF)
CWE CWE-352

Miscellaneous

Views 2268
Verified No
WPVDB ID 9356

Timeline

Publicly Published 2019-06-18 (about 1 month ago)
Added 2019-06-19 (about 1 month ago)
Last Updated 2019-06-27 (26 days ago)
