CVE-2019-20891
packagist/woocommerce/woocommerce
Cross-Site Request Forgery (CSRF)
WooCommerce when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php
.
All versions before 3.6.5
Upgrade to version 3.6.5 or above.
2020-06-26
source |