CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-11633

An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings. The function woo_checkout_settings_page in the file class-woo-checkout-for-digital-goods-admin.php doesn't do any check against wp-admin/admin-post.php Cross-site request forgery (CSRF) and user capabilities.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 29.6%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.3

References

http://labs.threatpress.com/cross-site-request-forgery-csrf-in-woo-checkout-for-digital-goods-plugin/
https://wordpress.org/plugins/woo-checkout-for-digital-goods/#developers
http://labs.threatpress.com/cross-site-request-forgery-csrf-in-woo-checkout-for-digital-goods-plugin/
https://wordpress.org/plugins/woo-checkout-for-digital-goods/#developers

Products affected by CVE-2018-11633

Multidots » Woo Checkout For Digital Goods » Version: 2.1

cpe:2.3:a:multidots:woo_checkout_for_digital_goods:2.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-11633

Products

Pricing

Contact Us