The Woo Billingo Plus WordPress plugin prior to 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin prior to 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin prior to 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow malicious users to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin's license
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
woo billingo plus project woo billingo plus |
||
integration for billingo \\& gravity forms project integration for billingo \\& gravity forms |
||
integration for szamlazz.hu \\& gravity forms project integration for szamlazz.hu \\& gravity forms |