Facebook for WooCommerce <= 1.9.12 - CSRF allowing Option Update



Description
The original issue has been fixed via 1.9.14.

However, as additional CSRF checks have been implemented in 1.9.15, the fixed in has been set to 1.9.15

Affects Plugin

fixed in version 1.9.15

References

CVE 2019-15841
CVE 2019-15840
URL https://www.zdnet.com/article/disgruntled-security-firm-discloses-zero-days-in-facebooks-wordpress-plugins/
URL https://plugins.trac.wordpress.org/changeset?reponame=&new=2109894%40facebook-for-woocommerce&old=2102444%40facebook-for-woocommerce

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Views 4305
Verified No
WPVDB ID 9356

Timeline

Publicly Published 2019-06-18 (5 months ago)
Added 2019-06-19 (5 months ago)
Last Updated 2019-08-30 (3 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin