CVE-2023-2329

Name of the Vulnerable Software and Affected Versions WooCommerce Google Sheet Connector WordPress plugin versions prior to 1.3.6

Description The issue concerns a lack of CSRF check when updating the Access Code, allowing attackers to potentially make logged-in admins change the access code to an arbitrary one via a CSRF attack.

Recommendations For versions prior to 1.3.6, update to version 1.3.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings to minimize the risk of exploitation.