CVE-2023-3764
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Aug 31, 2023
Updated: Nov 7, 2023
CWE ID 668
Summary
CVE-2023-3764 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the WooCommerce PDF Invoice Builder plugin for WordPress. Versions up to and including 1.2.90 are impacted by this issue. The Save function in the plugin lacks proper nonce validation, allowing unauthenticated attackers to manipulate invoices by forging requests. This can only be exploited if an administrator unwittingly performs a specific action, such as clicking on a malicious link.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share