Phone Orders for WooCommerce by AlgolPlus

Phone Orders for WooCommerce by AlgolPlus <= 3.7.1 - Subscriber+ Sensitive Data Disclosure

LANACOMMONVDB ID: 5dbbe71b-5c59-4a27-a433-24cb0f2cb3c7

The plugin does not have authorisation and Cross-Site Request Forgery (CSRF) check in the phone-orders-for-woocommerce AJAX action, which could allow any authenticated users to call it and retrieve user's personal data.

You must be log in to view vulnerability details.

Or register a new account.

References

Source Code: https://wordpress.org/plugins/phone-orders-for-woocommerce/

CVE: CVE-2022-41655

Attributes

Catgory: WordPress Plugin

Discovered: 2022-10-17

Published: 2022-10-24

Affected Version: <= 3.7.1

Classification

Type: Cross-Site Request Forgery (CSRF), Missing Authorization, Sensitive Data Disclosure

Researcher

Name: István Márton

Email: [email protected]

Support Us?

We would truly appreciate it if you bought us a bunny (food for a snow leopard).