Woo Checkout For Digital Goods
Approved changes feed: RSS · Atom
cpe:2.3:a:multidots:woo_checkout_for_digital_goods:2.1:*:*:*:*:wordpress:*:*
part: a version: 2.1 update: *
| Vendor | Multidots (5250f8e8-1dec-5ba1-827d-239ecebd5682) |
|---|---|
| Product | Woo Checkout For Digital Goods (43be0c19-d7f9-5d9c-b7bb-a92c56407c4a) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2018-11633 |
vulnerable | 2026-06-08 05:10:38.748365 |
Details available
An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings. The function woo_checkout_settings_page in the file class-woo-checkout-for-digital-goods-admin.php doesn't do any check against wp-admin/admin-post.php Cross-site request forgery (CSRF) and user capabilities.
Published: 2018-05-31T20:00:00.000Z
Updated: 2024-09-17T03:23:27.016Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.