CVE-2024-2322

MEDIUM Year: 2024
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-352
View all →

Vulnerability Description

The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks.

Related Vulnerabilities

CVE-2017-1000147

MEDIUM
CVSS:6.8(Medium)

Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. T...

CWE-3522017

CVE-2017-17982

MEDIUM
CVSS:6.8(Medium)

PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php.

CWE-3522017

CVE-2018-10223

MEDIUM
CVSS:6.8(Medium)

An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html.

CWE-3522018

CVE-2018-10224

MEDIUM
CVSS:6.8(Medium)

An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.php/admin/tag/add.html.

CWE-3522018

CVE-2018-5073

MEDIUM
CVSS:6.8(Medium)

Online Ticket Booking has CSRF via admin/movieedit.php.

CWE-3522018