CVE-2023-2179

Exploit

EPSS 0.07%
Veröffentlicht 15.05.2023 13:15:10
Zuletzt bearbeitet 24.01.2025 21:15:10
Quelle contact@wpscan.com
Teams Watchlist Login
Unerledigt Login

The WooCommerce Order Status Change Notifier WordPress plugin through 1.1.0 does not have authorisation and CSRF when updating status orders via an AJAX action available to any authenticated users, which could allow low privilege users such as subscriber to update arbitrary order status, making them paid without actually paying for them for example

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Woocommerce ≫ Woocommerce Order Status Change Notifier SwPlatformwordpress Version <= 1.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.212

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

https://wpscan.com/vulnerability/fbc56973-4225-4f44-8c38-d488e57cd551

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-2179

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-2179

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-2179

EUVD