ThreatPress

WordPress Vulnerability Database

Back

WordPress WooCommerce Anti-Fraud premium plugin <= 3.2 - Unauthenticated order status manipulation

Product
WooCommerce Anti-Fraud
Description
Unauthenticated order status manipulation issue found by Brian Henry in WordPress WooCommerce Anti-Fraud premium plugin (versions <= 3.2).
Solution
Update the WordPress WooCommerce Anti-Fraud premium plugin to the latest available version (at least 3.3).
Classification
Type BYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
References
Plugin page
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 3.2
Fixed In 3.3
Disclosure date
2020-11-22
Credits
Brian Henry