CVE-2023-35917

WordPress WooCommerce PayPal Payments Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions.

We have discovered 1,288 live websites that are affected by CVE-2023-35917.

Affected Software


Product	WooCommerce PayPal Payments
Category	Wordpress Plugins
Vulnerable Versions	from 0 through 2.0.4
Total Vulnerable Versions	34
Vulnerable Domains	1,288 live websites (10.27% of WooCommerce PayPal Payments install base)

Common Weakness Enumeration

CWE-352 Cross-Site Request Forgery (CSRF)

Distribution by Website Rank

The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-35917 and the relative popularity of websites

Available Reports

Website List

Details

Published - Jun 22, 2023
Updated - Jun 22, 2023

Credits

Rafie Muhammad (Patchstack) (finder)

CWE

CWE-352

CVE References

CWE References

cwe.mitre.org

Countries

United States	453 websites

GB	166 websites
Germany	139 websites
Italy	108 websites
France	66 websites
Australia	65 websites
Spain	47 websites
Canada	31 websites
Cyprus	18 websites
Mexico	13 websites

TLDs

.com	703 websites
.co.uk	101 websites
.de	76 websites
.it	71 websites
.org	56 websites
.com.au	52 websites
.fr	28 websites
.net	25 websites
.es	17 websites
.ca	14 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Geographical Distribution

The distribution of websites across the globe that are exposed to CVE-2023-35917 through included software libraries and plugins.

References

https://patchstack.com/database/vulnerability/woocommerce-paypal-payments/wordpress-woocommerce-paypal-payments-plugin-2-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

Websites affected by CVE-2023-35917

Top websites that are affected by CVE-2023-35917. Please click on the "Contact us" button above to get more information.

Domain	Country	Rank
*.***.com	Germany	,*
*.************.com	United States	,*
*.*********.com	United States	*,*
******..uk	GB	*,*
*.****************.com	United States	*,*
*****.*******.com	India	*,*
****************.de	Germany	*,*
*.******.net	Germany	*,*
********.com	United States	*,*
***********.************.com	United States	*,*

See full domain list

Domain	Country	Rank
*.***.com	Germany	,*
*.************.com	United States	,*
*.*********.com	United States	*,*
******..uk	GB	*,*
*.****************.com	United States	*,*
*****.*******.com	India	*,*
****************.de	Germany	*,*
*.******.net	Germany	*,*
********.com	United States	*,*
***********.************.com	United States	*,*