PT-2018-10717 · Multidots · Multidots Woo Checkout For Digital Goods

Published: 2018-05-31 · Updated: 2018-06-29 · CVE-2018-11633

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: MULTIDOTS Woo Checkout for Digital Goods plugin version 2.1

Description: The vulnerability allows an attacker to change plugin settings by tricking an administrator into visiting a crafted URL. The woo checkout settings page function in the file class-woo-checkout-for-digital-goods-admin.php lacks both Cross-Site Request Forgery (CSRF) protection and a user-capability check, specifically when it handles requests submitted through wp-admin/admin-post.php.

Recommendations: For MULTIDOTS Woo Checkout for Digital Goods plugin version 2.1, as a temporary workaround, consider disabling the woo checkout settings page function until a patch is available. Restrict access to the class-woo-checkout-for-digital-goods-admin.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
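The defect described above is a WordPress admin-post handler that persists settings without verifying a nonce or the caller's capability. The following is an added illustration, not code from the plugin or from the advisory's authors: it shows that pattern next to a hardened handler. All names prefixed `wcdg_`, the option key `wcdg_settings` and the `redirect_url` setting are hypothetical; the WordPress functions used (`check_admin_referer`, `current_user_can`, `wp_nonce_field`, `update_option`, and so on) are real core APIs.

```php
<?php
/*
 * Added illustration (not the plugin's code). Names prefixed "wcdg_", the
 * option key "wcdg_settings" and the "redirect_url" field are hypothetical.
 * Contrasts an unprotected admin-post settings handler with a hardened one.
 */

// --- Unprotected pattern (shown for contrast, deliberately not hooked) ---
// Any request to admin-post.php?action=... that carries a logged-in
// administrator's cookies is honoured: no nonce, no capability check.
function wcdg_save_settings_unprotected() {
    update_option( 'wcdg_settings', array(
        'redirect_url' => isset( $_POST['redirect_url'] ) ? $_POST['redirect_url'] : '',
    ) );
    wp_safe_redirect( admin_url( 'admin.php?page=wcdg-settings' ) );
    exit;
}

// --- Hardened handler ---
function wcdg_save_settings() {
    // 1. Capability check: only users allowed to manage options may proceed.
    //    A nonce alone does not establish this; a low-privilege user who can
    //    reach the form would still obtain a valid nonce.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die(
            esc_html__( 'You are not allowed to change these settings.', 'wcdg' ),
            '',
            array( 'response' => 403 )
        );
    }

    // 2. CSRF check: verifies the nonce emitted by wcdg_settings_form() below.
    //    The nonce is bound to the action name and the current user's session,
    //    so a form served from a third-party site cannot supply a valid one.
    //    check_admin_referer() calls wp_die() on failure.
    check_admin_referer( 'wcdg_save_settings', 'wcdg_nonce' );

    // 3. Validate and sanitize before persisting.
    $raw = isset( $_POST['redirect_url'] ) ? wp_unslash( $_POST['redirect_url'] ) : '';
    $url = esc_url_raw( $raw );
    if ( '' !== $raw && '' === $url ) {
        wp_die( esc_html__( 'Invalid redirect URL.', 'wcdg' ), '', array( 'response' => 400 ) );
    }

    update_option( 'wcdg_settings', array( 'redirect_url' => $url ) );

    wp_safe_redirect(
        add_query_arg( 'settings-updated', 'true', admin_url( 'admin.php?page=wcdg-settings' ) )
    );
    exit;
}
add_action( 'admin_post_wcdg_save_settings', 'wcdg_save_settings' );

// The settings form must emit the nonce the handler verifies.
function wcdg_settings_form() {
    $settings = get_option( 'wcdg_settings', array( 'redirect_url' => '' ) );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="wcdg_save_settings" />
        <?php wp_nonce_field( 'wcdg_save_settings', 'wcdg_nonce' ); ?>
        <input type="url" name="redirect_url"
               value="<?php echo esc_attr( $settings['redirect_url'] ); ?>" />
        <?php submit_button( __( 'Save', 'wcdg' ) ); ?>
    </form>
    <?php
}
```

The two checks address different failures and both are needed: `check_admin_referer()` stops a request forged from another origin, while `current_user_can()` stops a legitimately logged-in but under-privileged user from reaching the handler directly. When reviewing a plugin for this class of issue, look at every `admin_post_*` and `admin_post_nopriv_*` hook and confirm the callback performs both checks before touching `update_option()` or similar state-changing calls.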

Exploit: CSRF


Weakness Enumeration

Related Identifiers: CVE-2018-11633

Affected Products: Multidots Woo Checkout For Digital Goods