Cross-site request forgery (CSRF) in Woo Checkout for Digital Goods plugin <= 2.1

This plugin is vulnerable to cross-site request forgery (CSRF). An admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), which lets the attacker change the plugin settings.

The function woo_checkout_settings_page, in the file class-woo-checkout-for-digital-goods-admin.php, performs no check against cross-site request forgery (CSRF) and no check of user capabilities.

Proof Of Concept:

Cross-site request forgery (CSRF) in Eu Cookie Notice plugin <= 1.0.6

This plugin is vulnerable to cross-site request forgery (CSRF). An admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), which lets the attacker change the plugin settings.

Proof Of Concept:

Cross-site Request Forgery (CSRF) in Add Social Share Messenger Buttons Whatsapp and Viber plugin <= 1.0.8

This plugin is vulnerable to cross-site request forgery (CSRF). An admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), which lets the attacker change the plugin settings. There is no nonce or role check in the whatsapp_share_setting_add_update() function.
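For comparison, an added example (not code from any of the plugins above) of a WordPress settings handler with the two checks that woo_checkout_settings_page and whatsapp_share_setting_add_update() are reported to lack: a capability check and a nonce check before any option is written. Every `example_` name, the option key and the menu slug are hypothetical.

```php
<?php
/**
 * Plugin Name: Example Hardened Settings (added illustration)
 * All "example_" names are hypothetical, not taken from the affected plugins.
 */

// Render the settings form with a nonce bound to this user and this action.
function example_settings_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_settings">
        <?php wp_nonce_field( 'example_save_settings', 'example_nonce' ); ?>
        <input type="text" name="example_label"
               value="<?php echo esc_attr( get_option( 'example_label', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// State-changing handler. Hooked on admin_post_ only (no admin_post_nopriv_),
// so unauthenticated requests never reach it.
function example_save_settings() {
    // 1. Capability check: only users who may manage options can change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // 2. CSRF check: dies unless the submitted nonce is valid for this user and action.
    check_admin_referer( 'example_save_settings', 'example_nonce' );

    // 3. Only after both checks pass is the stored setting touched, and it is sanitized.
    $label = isset( $_POST['example_label'] )
        ? sanitize_text_field( wp_unslash( $_POST['example_label'] ) )
        : '';
    update_option( 'example_label', $label );

    wp_safe_redirect( admin_url( 'options-general.php?page=example-settings&updated=1' ) );
    exit;
}
add_action( 'admin_post_example_save_settings', 'example_save_settings' );

add_action( 'admin_menu', function () {
    add_options_page( 'Example Settings', 'Example Settings', 'manage_options',
        'example-settings', 'example_settings_page' );
} );
```

A request forged from another site cannot supply a valid `example_nonce` for the logged-in admin, so `check_admin_referer()` stops it before `update_option()` runs.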

Proof Of Concept: