ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking plugin <= 1.8 - Cross-Site Request Forgery (CSRF) vulnerability

Product
WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking
Description
Cross-Site Request Forgery (CSRF) vulnerability found by ThreatPress Research Team in WordPress WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking plugin (versions <= 1.8).
Solution
3 June 2018 - plugin still closed by WordPress Security team, no patched version available.
Classification
Type Cross Site Request Forgery (CSRF)
OWASP Top 10 A8: Cross Site Request Forgery (CSRF)
References
Plugin changelog
Vulnerability description
CVE
Name CVE-N/A
Versions
Affected In <= 1.8
Disclosure date
2018-06-03
Credits
ThreatPress
Submitter
ThreatPress