Cross site request forgery (csrf)

2022-12-1218:15:00

PRIOn knowledge base

www.prio-n.com

welcart e-commerce

wordpress

csrf

ajax

shipping methods

authorization

0.001 Low

EPSS

Percentile

21.4%

JSON

The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.

CPENameOperatorVersion
welcart_e-commercelt2.8.4

CPE	Name	Operator	Version
	welcart_e-commerce	lt	2.8.4

References

wpscan.com/vulnerability/b48e4e1d-e682-4b16-81dc-2feee78d7ed0

0.001 Low

EPSS

Percentile

21.4%

JSON

Related for PRION:CVE-2022-3946