N/A

An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings. The function woo_checkout_settings_page in the file class-woo-checkout-for-digital-goods-admin.php doesn't do any check against wp-admin/admin-post.php Cross-site request forgery (CSRF) and user capabilities.

N/A

N/A

WordPress MULTIDOTS Woo Checkout for Digital Goods插件安全漏洞

WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台，该平台支持在PHP和MySQL的服务器上架设个人博客网站。MULTIDOTS Woo Checkout for Digital Goods plugin是使用在其中的一个用于删除数字商品的结算和收货地址字段的插件。 WordPress MULTIDOTS Woo Checkout for Digital Goods插件2.1版本中存在安全漏洞，该漏洞源于程序没有对跨站请求伪造和用户权限执行检测。攻击者可诱使用户访问恶意的U

N/A

N/A