The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the SaveCustomField function in versions up to, and including, 1.2.90. This makes it possible for unauthenticated attackers to create invoice fields provided they can trick an admin into performing an action such as clicking on a link.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-08-31T05:33:06.237Z
Updated: 2024-08-02T07:17:12.159Z
Reserved: 2023-08-04T18:18:23.594Z
Link: CVE-2023-4161
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-08-31T06:15:10.870
Modified: 2024-11-21T08:34:30.910
Link: CVE-2023-4161
Redhat
No data.