Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Decorator – WooCommerce Email Customizer 1.2.7

  • Severity: medium-risk
  • Status: Fixed
  • Publication: November 2, 2023

The Decorator – WooCommerce Email Customizer is a plugin for WordPress websites. In versions up to and including 1.2.7, it has a security vulnerability called Cross-Site Request Forgery. This means that unauthenticated attackers could modify settings from the plugin without needing to log in, if they can get an administrator to click on a link. This is because several functions, such as ajax_reset(), wt_decorator_button_text(), and wt_decorator_set_as_default(), do not have any security measures to prevent forged requests.

Detected in:

Decorator – WooCommerce Email Customizer fixed vulnerable versions: >= * <= 1.2.7
WebToffee eCommerce Marketing Automation – Email marketing, Popups, Email customizer fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.