CVE-2023-3508

Name of the Vulnerable Software and Affected Versions WooCommerce Pre-Orders WordPress plugin versions prior to 2.0.3

Description The issue is related to a flawed CSRF check when processing tab actions. This could allow attackers to make logged-in admins perform unintended actions, such as emailing pre-orders customers, changing the released date, marking all pre-orders of a specific product as complete, or canceling them via CSRF attacks.

Recommendations For versions prior to 2.0.3, update to version 2.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's tab actions to minimize the risk of exploitation.