Unrated severityNVD Advisory· Published May 15, 2023· Updated Jan 24, 2025

WooCommerce Order Status Change Notifier <= 1.1.0 - Subscriber+ Arbitrary Order Status Update

CVE-2023-2179

Description

The WooCommerce Order Status Change Notifier WordPress plugin through 1.1.0 does not have authorisation and CSRF when updating status orders via an AJAX action available to any authenticated users, which could allow low privilege users such as subscriber to update arbitrary order status, making them paid without actually paying for them for example

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WooCommerce/WooCommerce Order Status Change Notifierdescription
WordPress/WooCommerce Order Status Change Notifierllm-create
Range: <=1.1.0

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/fbc56973-4225-4f44-8c38-d488e57cd551mitreexploitvdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000