CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-3508

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 31.3%

CVSS Severity

CVSS v3 Score 6.5

References

https://wpscan.com/vulnerability/064c7acb-db57-4537-8a6d-32f7ea31c738
https://wpscan.com/vulnerability/064c7acb-db57-4537-8a6d-32f7ea31c738

Products affected by CVE-2023-3508

Woocommerce » Woocommerce Pre-Orders » Version: 1.9.0

cpe:2.3:a:woocommerce:woocommerce_pre-orders:1.9.0
Woocommerce » Woocommerce Pre-Orders » Version: 2.0.0

cpe:2.3:a:woocommerce:woocommerce_pre-orders:2.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-3508

Products

Pricing

Contact Us