CVE-2024-13317
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Jan 18, 2025
CWE ID 352
Summary
CVE-2024-13317 is a Cross-Site Request Forgery vulnerability affecting the ShipWorks Connector for WooCommerce plugin for WordPress. Versions up to and including 5.2.5 are impacted. The issue arises from insufficient or missing nonce validation on the 'shipworks-wordpress' page, enabling unauthenticated attackers to manipulate the services username and password through crafted requests. Successful exploitation requires persuading a site administrator to execute a malicious action, such as clicking on a link.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share