CVE-2022-0215

The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.php file which makes it possible for attackers to update arbitrary options on a site that can be used to create an administrative user account and grant full privileged access to a compromised site. This affects versions <= 2.2 in Login/Signup Popup, versions <= 2.5.1 in Waitlist Woocommerce ( Back in stock notifier ), and versions <= 2.0 in Side Cart Woocommerce (Ajax).
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:xootix:login\/signup_popup:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:xootix:side_cart_woocommerce:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:xootix:waitlist_woocommerce:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-01-18 09:15

Updated : 2022-01-24 12:31


NVD link : CVE-2022-0215

Mitre link : CVE-2022-0215


JSON object : View

CWE
CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

dedicated server usa

Products Affected

xootix

  • side_cart_woocommerce
  • login\/signup_popup
  • waitlist_woocommerce