CVE-2023-2179

Exploit

EPSS 0.07%
Veröffentlicht 15.05.2023 13:15:10
Zuletzt bearbeitet 24.01.2025 21:15:10
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

WooCommerce Order Status Change Notifier <= 1.1.0 - Authenticated (Subscriber+) Arbitrary Order Status Update

The WooCommerce Order Status Change Notifier WordPress plugin through 1.1.0 does not have authorisation and CSRF when updating status orders via an AJAX action available to any authenticated users, which could allow low privilege users such as subscriber to update arbitrary order status, making them paid without actually paying for them for example

Mögliche Gegenmaßnahme

WooCommerce Order Status Change Notifier: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt WooCommerce Order Status Change Notifier

Version * - 1.1.0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Woocommerce ≫ Woocommerce Order Status Change Notifier SwPlatformwordpress Version <= 1.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.207

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

https://wpscan.com/vulnerability/fbc56973-4225-4f44-8c38-d488e57cd551

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/66bc83f5-0f6c-425f-a560-e79e777b76ca

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-2179

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-2179

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-2179

EUVD