CVSS Score: -

Basic Information

- CVE ID: -
- GHSA ID: -
- EPSS Score: -
- CWE: -
- Published: -
- Updated: -
- KEV Status: -
- Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| woocommerce/woocommerce | composer | < 3.6.5 | 3.6.5 |
The vulnerability stemmed from missing nonce checks in the CSV import workflow handlers. The GitHub patch adds `check_admin_referer` calls to three critical methods: `mapping_form` (handles field mapping), `import` (executes the import), and `done` (completion handler). These functions directly process user-controlled input during product imports but lacked CSRF protection before the patch, so a forged request from a logged-in administrator's browser could drive the import with attacker-supplied CSV data and lead to XSS. The commit's focus on adding nonce verification to exactly these functions confirms their central role in the vulnerability.
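To make the fix concrete, here is an added example (not WooCommerce's own code) of a WordPress import-step handler before and after adding the nonce check the patch introduces. The function names, the nonce action `example-csv-importer` and the field names are assumptions; `check_admin_referer`, `wp_nonce_field`, `current_user_can` and `wp_die` are the real WordPress APIs.

```php
<?php
// BEFORE: a capability check alone does not stop CSRF. The victim is an
// authenticated admin, so a forged cross-site POST passes this check and
// the handler processes attacker-chosen input.
function example_import_step_unprotected() {
    if ( ! current_user_can( 'import' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    $path = isset( $_POST['file'] ) ? sanitize_text_field( wp_unslash( $_POST['file'] ) ) : '';
    return example_parse_csv( $path );
}

// AFTER: check_admin_referer() validates the nonce bound to the current
// user and the action name. On a missing or invalid nonce it calls
// wp_die(), so a forged request never reaches the import logic.
function example_import_step_protected() {
    check_admin_referer( 'example-csv-importer' ); // action name assumed
    if ( ! current_user_can( 'import' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    $path = isset( $_POST['file'] ) ? sanitize_text_field( wp_unslash( $_POST['file'] ) ) : '';
    return example_parse_csv( $path );
}

// The form that starts the workflow must emit the matching nonce field;
// check_admin_referer() reads it from $_REQUEST['_wpnonce'] by default.
function example_render_import_form() {
    echo '<form method="post">';
    wp_nonce_field( 'example-csv-importer' );
    echo '<input type="text" name="file" /><button type="submit">Import</button></form>';
}

// Defence in depth for the XSS angle: CSV cell values are untrusted and are
// escaped before ever being rendered back into an admin page.
function example_parse_csv( $path ) {
    $rows = array();
    $fh   = fopen( $path, 'r' );
    if ( false === $fh ) {
        return $rows;
    }
    while ( ( $cells = fgetcsv( $fh ) ) !== false ) {
        $rows[] = array_map( 'esc_html', $cells );
    }
    fclose( $fh );
    return $rows;
}
```

The nonce check must run before any input is read, exactly as the patch places `check_admin_referer` at the top of `mapping_form`, `import` and `done`.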