Cross-Site Request Forgery Vulnerability in Dynamic Pricing & Discounts Lite for WooCommerce
CVE-2025-48342

5.4MEDIUM

What is CVE-2025-48342?

A Cross-Site Request Forgery vulnerability exists in the Dynamic Pricing & Discounts Lite for WooCommerce plugin, enabling attackers to forge requests on behalf of users without their consent. This vulnerability may allow unauthorized actions, compromising the integrity and security of user sessions, particularly for those utilizing versions up to 2.0.3.

Affected Version(s)

Dynamic Pricing &amp; Discounts Lite for WooCommerce <= 2.0.3

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

lucky_buddy (Patchstack Alliance)
.
The Cyber Security Vulnerability Database.