Headline
CVE-2022-43488: WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to rule type migration.
Verified
Fixed
5.4
CVSS 3.1 score Medium severity
Report
Monitoring Not reported to be exploited
Vulnerable versions
<= 4.1.5
PSID
13403873238a
Classification
Cross Site Request Forgery (CSRF)
OWASP Top 10
A5: Broken Access Control
Publicly disclosed
2022-10-30
Details
Cross-Site Request Forgery (CSRF) vulnerability leading to Rule Type Migration discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Advanced Dynamic Pricing for WooCommerce plugin (versions <= 4.1.5).
Solution
Update the WordPress Advanced Dynamic Pricing for WooCommerce plugin to the latest available version (at least 4.1.6).
References