WordPress Plugin Vulnerabilities

Advanced Dynamic Pricing for WooCommerce < 4.1.4 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
advanced-dynamic-pricing-for-woocommerce
Fixed in 4.1.4

References

CVE
CVE-2022-38095

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
685060a8-abba-4097-940c-0b795722a354

Timeline

Publicly Published
2022-09-14 (about 3 years ago)
Added
2022-09-25 (about 3 years ago)
Last Updated
2022-09-25 (about 3 years ago)

Other

Published
Title
Published
2014-12-14
Title
Yurl Retwitt <= 1.4 - Multiple CSRF
Published
2025-04-01
Title
Uptime Robot Plugin for WordPress <= 2.3 - Cross-Site Request Forgery
Published
2025-09-19
Title
Internal Links Manager < 3.0.2 - Cross-Site Request Forgery
Published
2014-08-01
Title
Post Expirator <= 2.1.1 - Cross-Site Request Forgery
Published
2014-08-01
Title
Contextual Related Posts < 1.8.7 - Cross-Site Request Forgery