Cross-Site Request Forgery in USB Qr Code Scanner for WooCommerce by WordPress
CVE-2025-12588

4.3MEDIUM

Key Information:

Vendor

WordPress
Status
Usb Qr Code Scanner For WooCommerce
Vendor
CVE Published:
11 November 2025

What is CVE-2025-12588?

The USB Qr Code Scanner For WooCommerce plugin for WordPress is affected by a vulnerability that allows unauthenticated attackers to exploit missing nonce validation on the settings page. This issue enables attackers to manipulate plugin settings by tricking an administrator into executing a malicious request, thus undermining the integrity of the application. Immediate action is recommended to mitigate potential risks.

Affected Version(s)

USB Qr Code Scanner For Woocommerce * <= 1.0.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/usb-qr-code-sc...
https://plugins.trac.wordpress.org/browser/usb-qr-code-sc...

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

dayea song
JSON
.