CVE-2023-39159 MEDIUM

CVE-2023-39159: WordPress Fraud Prevention For Woocommerce Plugin <= 2.1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Vendor Thedotstore
Product Fraud Prevention For Woocommerce
Weakness CWE-352 · CSRF
Published October 3, 2023
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5 versions.

Key dates

02Disclosure timeline

October 3, 2023 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-9945 Optimize More! – CSS <= 1.0.3 - Cross-Site Request Forgery to Plugin Settings Reset CVE-2023-46201 WordPress Auto Login New User After Registration Plugin <= 1.9.6 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2024-20254 CVE-2022-43488 WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 - Cross-Site Request Forgery (CSRF) vulnerability CVE-2026-8140 Concrete CMS 9.5.0 and below is vulnerable to CSRF on download() in the package install controller