CVE-2019-20891

CVE-2019-20891

packagist/woocommerce/woocommerce

Cross-Site Request Forgery (CSRF)

WooCommerce when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.

All versions before 3.6.5

Upgrade to version 3.6.5 or above.

2020-06-26