Description
WordPress Plugin WooCommerce is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin WooCommerce version 3.6.4 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.6.5 or latest
References
https://mp.weixin.qq.com/s/j79MNsy-tnJQGfFg7ROxTw
https://paper.seebug.org/1056/
https://blog.ripstech.com/2019/woocommerce-csrf-to-stored-xss/
https://woocommerce.wordpress.com/2019/07/02/woocommerce-3-6-5-security-release/
Related Vulnerabilities
Apache Tomcat Improper Input Validation Vulnerability (CVE-2014-0033)
MySQL CVE-2016-0608 Vulnerability (CVE-2016-0608)
WordPress Plugin IGIT Posts Slider Widget 'src' Parameter Cross-Site Scripting (1.0)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-26477)
OpenSSL Resource Management Errors Vulnerability (CVE-2012-1165)