What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in WebAppick Challan webappick-pdf-invoice-for-woocommerce allows Privilege Escalation. This issue affects Challan: from n/a through <= 3.7.58.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Challan versions up to 3.7.58 contain a cross-site request forgery (CSRF) vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. An attacker can craft a malicious link or page that, when visited by a logged-in user, executes unwanted operations without the user's knowledge or consent. This affects confidentiality, integrity, and availability of the application.
What an attacker can do
Perform unauthorized actions on behalf of a logged-in user, such as modifying data or changing settings.
Potential impact on your site
Users' accounts can be compromised to perform unwanted actions; attackers can modify or delete data without direct authentication.
Conditions required to exploit
A logged-in user must visit an attacker-controlled page or click a malicious link while authenticated to Challan.
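The standard WordPress defense against the condition described above is a per-action nonce plus a capability check on every state-changing handler. The following is an added example, not code from Challan or WebAppick; every name prefixed `example_` is hypothetical and does not correspond to any real action or option in the plugin.

```php
<?php
/**
 * Plugin Name: Example Settings Handler (hypothetical, added example)
 */

// Hypothetical action name; not taken from Challan.
const EXAMPLE_ACTION = 'example_save_settings';

// Render the settings form with a nonce bound to the current user and action.
function example_render_form() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="' . esc_attr( EXAMPLE_ACTION ) . '">';
    // Hidden token that a third-party page cannot read or predict.
    wp_nonce_field( EXAMPLE_ACTION, 'example_nonce' );
    echo '<input type="text" name="example_footer" value="'
        . esc_attr( get_option( 'example_footer', '' ) ) . '">';
    submit_button();
    echo '</form>';
}

add_action( 'admin_menu', function () {
    add_options_page( 'Example', 'Example', 'manage_options',
        'example-settings', 'example_render_form' );
} );

// Registered on admin_post_ only (no admin_post_nopriv_ hook), so the
// handler runs only for logged-in users.
add_action( 'admin_post_' . EXAMPLE_ACTION, function () {
    // 1. CSRF check: stops the request unless it carries a valid nonce for
    //    this action. A cross-site form or link cannot supply one.
    check_admin_referer( EXAMPLE_ACTION, 'example_nonce' );

    // 2. Authorization: a valid nonce proves intent, not privilege.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // 3. Only now read and sanitize input, then change state.
    $footer = isset( $_POST['example_footer'] )
        ? sanitize_text_field( wp_unslash( $_POST['example_footer'] ) )
        : '';
    update_option( 'example_footer', $footer );

    wp_safe_redirect( admin_url( 'options-general.php?page=example-settings' ) );
    exit;
} );
```

When reviewing a plugin for this class of issue, look for `admin_post_*`, `wp_ajax_*` and `admin_init` callbacks that write options or user data without both checks.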