Description
WordPress Plugin WooCommerce is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin WooCommerce version 3.6.4 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.6.5 or latest
References
https://mp.weixin.qq.com/s/j79MNsy-tnJQGfFg7ROxTw
https://paper.seebug.org/1056/
https://blog.ripstech.com/2019/woocommerce-csrf-to-stored-xss/
https://woocommerce.wordpress.com/2019/07/02/woocommerce-3-6-5-security-release/
Related Vulnerabilities
WordPress Plugin WP Easy Gallery 'add-gallery.php' Arbitrary File Upload (1.8)
WebLogic CVE-2019-2887 Vulnerability (CVE-2019-2887)
WordPress Plugin HTML5 AV Manager for WordPress 'custom.php' Arbitrary File Upload (0.2.7)
MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2022-41766)