CVE-2024-13511
Variation Swatches for WooCommerce 1.0.8 - 1.3.2 - Cross-Site Request Forgery to Plugin Settings Reset
| CVSS Score | 4.3 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
The Variation Swatches for WooCommerce plugin, in all versions starting at 1.0.8 up until 1.3.2, contains a vulnerability due to improper nonce verification in its settings reset functionality. The issue exists in the settings_init() function, which processes a reset action based on specific query parameters in the URL. The related delete_settings() function performs a faulty nonce validation check, making the reset operation insecure and susceptible to unauthorized access.
| CWE | CWE-352 |
| Vendor | themehunk |
| Product | variation swatches for woocommerce |
| Published | Jan 23, 2025 |
| Last Updated | Jan 23, 2025 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | Low |
| Availability | None |
Affected Versions
themehunk / Variation Swatches for WooCommerce
1.0.8 ≤ 1.3.2
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/6c43b9b4-4394-428a-b381-d6a776fcd130?source=cve
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/th-variation-swatches/tags/1.3.1/inc/thvs-settings.php
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3226822/th-variation-swatches/trunk/inc/thvs-settings.php
Credits
lucky_buddy