PT-2023-15899 · WordPress · Custom Order Number and 12 other plugins
Published: 2023-07-31 · Updated: 2024-10-17 · CVE-2022-4888
CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Checkout Fields Manager WordPress plugin versions prior to 1.0.2
Abandoned Cart Recovery WordPress plugin versions prior to 1.2.5
Custom Fields for WooCommerce WordPress plugin versions prior to 1.0.4
Custom Order Number WordPress plugin versions prior to 1.0.1
Custom Registration Forms Builder WordPress plugin versions prior to 1.0.2
Advanced Free Gifts WordPress plugin versions prior to 1.0.2
Gift Registry for WooCommerce WordPress plugin versions prior to 1.0.1
Image Watermark for WooCommerce WordPress plugin versions prior to 1.0.1
Order Approval for WooCommerce WordPress plugin versions prior to 1.1.0
Order Tracking for WooCommerce WordPress plugin versions prior to 1.0.2
Price Calculator for WooCommerce WordPress plugin versions prior to 1.0.3
Product Dynamic Pricing and Discounts WordPress plugin versions prior to 1.0.6
Product Labels and Stickers WordPress plugin versions prior to 1.0.1
Description
The affected WordPress plugins have flawed CSRF checks in various places, which could allow attackers to make logged-in users perform unwanted actions.
Recommendations
Update Checkout Fields Manager WordPress plugin to version 1.0.2 or later.
Update Abandoned Cart Recovery WordPress plugin to version 1.2.5 or later.
Update Custom Fields for WooCommerce WordPress plugin to version 1.0.4 or later.
Update Custom Order Number WordPress plugin to version 1.0.1 or later, or apply a patch if available.
Update Custom Registration Forms Builder WordPress plugin to version 1.0.2 or later.
Update Advanced Free Gifts WordPress plugin to version 1.0.2 or later.
Update Gift Registry for WooCommerce WordPress plugin to version 1.0.1 or later, or apply a patch if available.
Update Image Watermark for WooCommerce WordPress plugin to version 1.0.1 or later.
Update Order Approval for WooCommerce WordPress plugin to version 1.1.0 or later.
Update Order Tracking for WooCommerce WordPress plugin to version 1.0.2 or later.
Update Price Calculator for WooCommerce WordPress plugin to version 1.0.3 or later.
Update Product Dynamic Pricing and Discounts WordPress plugin to version 1.0.6 or later.
Update Product Labels and Stickers WordPress plugin to version 1.0.1 or later, or apply a patch if available.
Affected Products
Abandoned Cart Recovery
Advanced Free Gifts
Checkout Fields Manager
Custom Fields For Woocommerce
Custom Order Number
Custom Registration Forms Builder
Gift Registry For Woocommerce
Image Watermark For Woocommerce
Order Approval For Woocommerce
Orders Tracking For Woocommerce
Price Calculator For Woocommerce
Product Dynamic Pricing/Discounts
Product Labels/Stickers