Description
WordPress Plugin WooCommerce Anti-Fraud is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently reset all orders' statuses to processing. WordPress Plugin WooCommerce Anti-Fraud version 3.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.3 or latest
References
https://twitter.com/BrianHenryIE/status/1330300510331613185
https://dzv365zjfbd8v.cloudfront.net/changelogs/woocommerce-anti-fraud/changelog.txt
Related Vulnerabilities
Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-21673)
MyBB Improper Input Validation Vulnerability (CVE-2016-9420)
WordPress Plugin YARPP-Yet Another Related Posts Multiple Vulnerabilities (4.2.4)
Apache Tomcat 7PK - Security Features Vulnerability (CVE-2002-0493)