CVE-2023-32745

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in the WooCommerce AutomateWoo plugin allows attackers to trick authenticated administrators into performing unintended actions. It affects WordPress sites running AutomateWoo version 5.7.1 or earlier. Successful exploitation could lead to unauthorized workflow modifications or data manipulation.

💻 Affected Systems

Products:
  • WordPress AutomateWoo plugin
Versions: <= 5.7.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress with WooCommerce and AutomateWoo plugin installed. Vulnerability exists in default configuration.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could create malicious workflows that send spam, modify customer data, or disrupt e-commerce operations without admin knowledge.

🟠

Likely Case

Attackers create automated workflows that send spam emails to customers or modify order statuses, damaging business reputation and operations.

🟢

If Mitigated

With proper CSRF protections, the vulnerability is neutralized and no unauthorized actions can be performed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires tricking an authenticated admin into clicking a malicious link while logged in. No authentication bypass is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.7.2

Vendor Advisory: https://patchstack.com/database/vulnerability/automatewoo/wordpress-automatewoo-plugin-5-7-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find AutomateWoo and click 'Update Now'.
4. Verify the version is 5.7.2 or higher.

🔧 Temporary Workarounds

CSRF Protection Headers

Platform: all

Add CSRF protection headers via web server configuration or a security plugin

# For Apache: Add 'Header set X-Frame-Options SAMEORIGIN' to .htaccess
# For Nginx: add 'add_header X-Frame-Options SAMEORIGIN;' to config

Disable Plugin

Platform: linux

Temporarily disable AutomateWoo plugin until patched

wp plugin deactivate automatewoo

🧯 If You Can't Patch

  • Implement strict SameSite cookie policies for admin sessions
  • Use security plugins with CSRF protection like Wordfence or Sucuri

🔍 How to Verify

Check if Vulnerable:

Check the AutomateWoo version under WordPress admin panel > Plugins. If the version is 5.7.1 or earlier, the site is vulnerable.

Check Version:

wp plugin get automatewoo --field=version

Verify Fix Applied:

Verify AutomateWoo version is 5.7.2 or higher in WordPress admin plugins page.

📡 Detection & Monitoring

Log Indicators:

  • Unusual workflow creation/modification logs in AutomateWoo
  • Multiple failed CSRF token validations in WordPress logs

Network Indicators:

  • POST requests to /wp-admin/admin-ajax.php without proper referrer headers
  • Suspicious workflow-related API calls from unexpected sources
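As an added example (not part of this advisory), a small Python check that applies the first network indicator above to access-log lines: it flags POSTs to /wp-admin/admin-ajax.php whose Referer is missing or not same-origin. The site hostname shop.example and the log lines are constructed for the example.

```python
import re
from urllib.parse import urlsplit

SITE_HOST = "shop.example"  # assumed site hostname (placeholder)

# Apache/Nginx "combined" format: ip - user [time] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def referer_is_same_origin(referer: str, site_host: str) -> bool:
    """True when the Referer names the site itself; '-' or empty means no Referer was sent."""
    if referer in ("", "-"):
        return False
    host = urlsplit(referer).hostname or ""
    return host.lower() == site_host.lower()

def find_suspicious_ajax_posts(lines, site_host=SITE_HOST):
    """Return (ip, time, referer) for POSTs to admin-ajax.php lacking a same-origin Referer."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparsable line: skip rather than abort on one corrupt entry
        if m["method"] != "POST" or not m["path"].startswith("/wp-admin/admin-ajax.php"):
            continue
        if not referer_is_same_origin(m["referer"], site_host):
            hits.append((m["ip"], m["time"], m["referer"]))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jun/2023:12:00:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "https://shop.example/wp-admin/admin.php?page=automatewoo-workflows" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jun/2023:12:00:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "https://attacker.invalid/lure.html" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jun/2023:12:00:06 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jun/2023:12:00:09 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, when, ref in find_suspicious_ajax_posts(SAMPLE_LOG):
        print(f"{when} {ip} POST admin-ajax.php referer={ref!r}")
```

A missing Referer is a signal, not proof: browsers and privacy settings can suppress it on legitimate requests, so correlate hits with AutomateWoo workflow changes before acting.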

SIEM Query:

source="wordpress.log" AND "automatewoo" AND "workflow" AND (status="created" OR status="modified")
