What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in Ashwani kumar GST for WooCommerce gst-for-woocommerce allows Stored XSS.This issue affects GST for WooCommerce: from n/a through <= 2.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Cross-Site Request Forgery (CSRF) vulnerability in Ashwani kumar GST for WooCommerce gst-for-woocommerce allows Stored XSS.This issue affects GST for WooCommerce: from n/a through <= 2.0.
Explanation of Vulnerability in Simple Terms
GST for WooCommerce versions 2.0 and earlier contain a cross-site request forgery (CSRF) vulnerability. An attacker can craft a malicious link or page that, when visited by a logged-in site administrator, performs unwanted actions on the site without their knowledge. The vulnerability affects the plugin's core functionality and can result in unauthorized changes to site settings or data.
What an attacker can do
Trick a logged-in admin into visiting a malicious page that performs unwanted actions on the site.
Potential impact on your site
Unauthorized changes to GST settings or WooCommerce configuration if an admin is tricked into visiting a malicious link.
Conditions required to exploit
Admin must visit attacker-controlled page while logged into WordPress.
Key dates
External resources
Related vulnerabilities