CVE-2023-2329

Published: Jul 17, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack

Affected (1)

Products: Gsheetconnector: Woocommerce Google Sheet Connector

Gsheetconnector

1 product

Woocommerce Google Sheet Connector

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gsheetconnector Woocommerce Google Sheet Connector	Up to 1.3.4

References (2)

https://wpscan.com/vulnerability/6e58f099-e8d6-49e4-9f02-d6a556c5b1d2

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/6e58f099-e8d6-49e4-9f02-d6a556c5b1d2

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.