CVE-2023-40212 – WordPress WooCommerce Product Attachment Plugin <= 2.1.8 is vulnerable to Cross Site Request Forgery (CSRF)

https://notcve.org/view.php?id=CVE-2023-40212

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Product Attachment for WooCommerce plugin <= 2.1.8 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Dotstore Product Attachment para WooCommerce en versiones &lt;= 2.1.8. The WooCommerce Product Attachment plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.8. This is due to missing nonce validation on the wcpoa_order_checkout_attachment_save() function. This makes it possible for unauthenticated attackers to save checkout page attachments on the behalf of other users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/woo-product-attachment/wordpress-product-attachment-for-woocommerce-plugin-2-1-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •