RSS   Vulnerabilities for 'Woo checkout for digital goods'   RSS



An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings. The function woo_checkout_settings_page in the file class-woo-checkout-for-digital-goods-admin.php doesn't do any check against wp-admin/admin-post.php Cross-site request forgery (CSRF) and user capabilities.


 >>> Vendor: Multidots 6 Products
Woo checkout for digital goods
Add social share messenger buttons whatsapp and viber
Woocommerce quick reports
Advance search for woocommerce
Woocommerce category banner management
Mass pages/posts creator

Copyright 2023,


Back to Top