Lucene search
HistoryJul 17, 2023 - 2:15 p.m.
CVE-2023-2329
woocommerce
google sheet connector
csrf
access code
wordpress plugin
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
57.0%
The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack
Affected configurations
Node
gsheetconnectorwoocommerce_google_sheet_connectorRange≤1.3.4wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| gsheetconnector | woocommerce_google_sheet_connector | * | cpe:2.3:a:gsheetconnector:woocommerce_google_sheet_connector:*:*:*:*:*:wordpress:*:* |
Related
cvelist
cvelist
wpvulndb
wpvulndb
WooCommerce Google Sheet Connector <= 1.3.5 - Access Code Update via CSRF
2023-06-26 00:00:00
prion
prion
Cross site request forgery (csrf)
2023-07-17 14:15:00
cve
cve
CVE-2023-2329
2023-07-17 14:15:09
wpexploit
wpexploit
WooCommerce Google Sheet Connector <= 1.3.5 - Access Code Update via CSRF
2023-06-26 00:00:00
wordfence
wordfence
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
57.0%
Related for NVD:CVE-2023-2329