Cross-Site Request Forgery in Product Configurator for WooCommerce by mklacroix
CVE-2025-54674
5.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 14 August 2025
What is CVE-2025-54674?
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Product Configurator for WooCommerce by mklacroix. This flaw allows attackers to send unauthorized commands via the application, potentially compromising user actions without their consent. This issue impacts versions n/a through 1.4.4 of the Product Configurator, urging users to implement necessary security measures to safeguard their online stores.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Product Configurator for WooCommerce <= 1.4.4
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Nguyen Xuan Chien (Patchstack Alliance)