CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46806 – WordPress Cart All In One For WooCommerce Plugin <= 1.1.10 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-46806
14 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Cart All In One For WooCommerce plugin <= 1.1.10 leading to cart modification. The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.10. This is due to missing or incorrect nonce validation on numerous functions in the 'VI_WOO_CART_ALL_IN_ONE_Frontend_Frontend' class. This makes it possible for unauthenticated attackers to get various information (such as menu ca... • https://patchstack.com/database/vulnerability/woo-cart-all-in-one/wordpress-cart-all-in-one-for-woocommerce-plugin-1-1-10-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •