PT-2025-16656 · Woocommerce · Wp Trio Conditional Shipping For Woocommerce

Lucky_Buddy

Published

2025-04-16

Updated

2025-04-20

CVE-2025-39564

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions WP Trio Conditional Shipping for WooCommerce versions 3.4.0 and earlier

Description The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This can be achieved by tricking the user into performing a specific action, such as clicking a link or submitting a form, that the attacker has crafted to exploit the vulnerability.

Recommendations For versions 3.4.0 and earlier, update to a version that includes a fix for this issue, as no specific workaround or mitigation measures are provided.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2025-39564

Affected Products

Wp Trio Conditional Shipping For Woocommerce

PT-2025-16656 · Woocommerce · Wp Trio Conditional Shipping For Woocommerce

CVE-2025-39564

Weakness Enumeration

Related Identifiers

Affected Products

References · 4