Cross-Site Request Forgery in A1POST.BG Shipping for Woo by A1POST
CVE-2025-27012
8.8 HIGH
Key Information:
- Vendor: A1post
- Status
- A1post.bg Shipping For Woo
- Vendor
- CVE Published: 22 February 2025
Summary
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the A1POST.BG Shipping for Woo plugin, which could allow an attacker to perform unauthorized actions on behalf of an authenticated user. This flaw may lead to privilege escalation, enabling malicious users to gain higher permissions than intended. The issue affects plugin versions up to and including 1.5.1, so users should update their installations promptly.
Affected Version(s)
A1POST.BG Shipping for Woo <= 1.5.1
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Mika (Patchstack Alliance)