Describe the bug
The Custom Order Numbers for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Within the Wordfence scan, Wordfence said:
The Plugin "Custom Order Numbers for WooCommerce" has a security vulnerability. Vulnerability Information: https://www.wordfence.com/threat-intel/vulnerabilities/id/7d19800a-bff3-414f-a809-0159f49d263a?source=plugin
Additional context
https://wordpress.org/support/plugin/custom-order-numbers-for-woocommerce/