This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Woocommerce First view 2023-07-31
Product Woocommerce Pre-Orders Last view 2023-08-30
Version * Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software wordpress  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:woocommerce:woocommerce_pre-orders

Activity : Overall

Related : CVE

  Date Alert Description
6.1 2023-08-30 CVE-2023-32802

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 1.9.0 versions.

5.4 2023-08-30 CVE-2023-32793

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions.

6.5 2023-07-31 CVE-2023-3508

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks

6.5 2023-07-31 CVE-2023-3507

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack

CWE : Common Weakness Enumeration

%idName
100% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')