What the vulnerability does
Description
Unauthenticated Cross-Site Request Forgery (CSRF) in Permalink Manager for WooCommerce, versions <= 1.0.8.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
The Permalink Manager for WooCommerce plugin contains a cross-site request forgery (CSRF) vulnerability affecting versions up to 1.0.8.2. An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unwanted actions on the site without their knowledge. The vulnerability requires user interaction and can affect the site's configuration, data integrity, and availability.
What an attacker can do
Trick a logged-in admin into visiting a malicious page that performs unwanted actions on the site.
Potential impact on your site
Attackers can modify plugin settings, alter WooCommerce permalinks, or corrupt site configuration without admin consent.
Conditions required to exploit
An admin must visit an attacker-controlled page while logged into WordPress.