CVE-2023-2329

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jul 17, 2023

Updated: Nov 7, 2023

CWE ID 77

Summary

CVE-2023-2329 is a vulnerability affecting the WooCommerce Google Sheet Connector plugin before version 1.3.6. This issue permits attackers to perform Cross-Site Request Forgery (CSRF) attacks, allowing them to alter the Access Code of the plugin for logged-in admin users. Consequently, attackers can gain unauthorized access to the plugin's settings, potentially leading to serious security implications for WordPress websites using this plugin. The vulnerability stems from the absence of CSRF protection during the Access Code update process.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Korenix Tech

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/pmxp0U
https://www.cve.org/CVERecord?id=CVE-2023-2329
https://nvd.nist.gov/vuln/detail/CVE-2023-2329

Back to Vulnerability Database

CVE-2023-2329

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations