CVE-2019-20891: Cross-Site Request Forgery (CSRF)

June 19, 2020 (updated June 25, 2020)

WooCommerce when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.

References

nvd.nist.gov/vuln/detail/CVE-2019-20891

Code Behaviors & Features

Detect and mitigate CVE-2019-20891 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →