Identifier

CVE-2019-20891

Package Slug

packagist/woocommerce/woocommerce

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

WooCommerce when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.

Affected Versions

All versions before 3.6.5

Solution

Upgrade to version 3.6.5 or above.

Last Modified

2020-06-26

source