Vulnerability Details CVE-2023-3507
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.5%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2023-3507
-
cpe:2.3:a:woocommerce:woocommerce_pre-orders:1.9.0
-
cpe:2.3:a:woocommerce:woocommerce_pre-orders:2.0.0