• Call Us: (540) 566-8737
    • Account Login (AMP)
    Menu
    Variation Swatches for WooCommerce 1.0.8 – 1.3.2 – Cross-Site Request Forgery to Plugin Settings Reset

    Variation Swatches for WooCommerce 1.0.8 – 1.3.2 – Cross-Site Request Forgery to Plugin Settings Reset

    Tweet
    Share
    Share
    Pin
    0 Shares

    EntreBase Advisory: The Variation Swatches for WooCommerce plugin, in all versions starting at 1.0.8 up until 1.3.2, contains a vulnerability due to improper nonce verification in its settings reset functionality. The issue exists in the settings_init() function, which processes a reset action based on specific query parameters in the URL. The related delete_settings() function performs a faulty nonce validation check, making the reset operation insecure and susceptible to unauthorized access.

    Read more about this vulnerability: https://www.wordfence.com/threat-intel/vulnerabilities/id/6c43b9b4-4394-428a-b381-d6a776fcd130?source=api-prod

    About the Contributor
    Trust & Safety
    The Trust & Safety team ensures the EntreBase platform remains compliant, safe, and user-friendly. Focused on risk management and user protection, they work to uphold trust and provide a seamless experience.