Vulnerability Details: Cross-Site Request Forgery (CSRF)/SQL Injection in WooCommerce Live Checkout Field Capture
One of the changelog entries for the latest version of the plugin WooCommerce Live Checkout Field Capture is “Improved database query security”. Looking at the changes made we found that referred to a SQL injection vulnerability exploitable through cross-site request forgery (CSRF), where the SQL injection portion was fixed, but not the CSRF portion.
…