Woocommerce Pre Orders

woocommerce_pre-orders

Vendor: Woocommerce • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-32802 1Woocommerce 1Woocommerce Pre Orders Nov 21, 2024 Aug 30, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 1.9.0 versions.
CVE-2023-32793 1Woocommerce 1Woocommerce Pre Orders Nov 21, 2024 Aug 30, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions.
CVE-2023-3508 1Woocommerce 1Woocommerce Pre Orders Apr 23, 2025 Jul 31, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date,...Show more The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacksShow less
CVE-2023-3507 1Woocommerce 1Woocommerce Pre Orders Apr 23, 2025 Jul 31, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack