WooCommerce <= 3.6.4 - Cross-Site Request Forgery (CSRF) & File Type Check



Description
Changelog mentions:

Security – Introduce file type check for tax rate importer.
Security – Added nonce check to CSV importer actions.

Affects Plugin

WooCommerce (fixed in version 3.6.5)

References

URL https://plugins.trac.wordpress.org/changeset?reponame=&new=2116363%40woocommerce&old=2096035%40woocommerce
URL https://twitter.com/WooCommerce/status/1147543261814374401
URL https://woocommerce.wordpress.com/2019/07/02/woocommerce-3-6-5-security-release/

Classification

Type CSRF
OWASP Top 10 A8: Cross-Site Request Forgery (CSRF)
CWE CWE-352

Miscellaneous

Views 4330
Verified No
WPVDB ID 9428

Timeline

Publicly Published 2019-07-07 (17 days ago)
Added 2019-07-07 (16 days ago)
Last Updated 2019-07-07 (16 days ago)
