CSRF Vulnerability in Zaytech Smart Online Order for Clover
CVE-2025-15635

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Smart Online Order For Clover
Vendor: CVE Published:; 15 April 2026

What is CVE-2025-15635?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Zaytech Smart Online Order for Clover product. This security flaw allows unauthorized commands to be transmitted from a user that the application trusts, potentially leading to compromised user data and unintended actions performed on behalf of the user. Affected versions include those up to 1.6.0. It is crucial for users of the product to implement security measures to mitigate the risk associated with this vulnerability.

Affected Version(s)

Smart Online Order for Clover <= 1.6.0

References

https://patchstack.com/database/wordpress/plugin/clover-o...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2026
Vulnerability Reserved
Apr 15, 2026

Credit

Mika | Patchstack Bug Bounty Program

CVE-2025-15635 Data

JSON

WordPress

What is CVE-2025-15635?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit