WordPress Plugin Vulnerabilities

Advanced Dynamic Pricing for WooCommerce < 4.1.6 - Settings Import via CSRF

Description

The plugin does not have CSRF check in place when importing its settings, which could allow attackers to make a logged in admin import them via a CSRF attack

Affects Plugins

Plugin icon
advanced-dynamic-pricing-for-woocommerce
Fixed in 4.1.6

References

CVE
CVE-2022-43491

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
9ab2147b-585d-4667-a26b-868ae96924e4

Timeline

Publicly Published
2022-10-30 (about 3 years ago)
Added
2022-11-08 (about 3 years ago)
Last Updated
2022-11-08 (about 3 years ago)

Other

Published
Title
Published
2026-01-23
Title
SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity < 2.5.3 - Cross-Site Request Forgery to Survey Renaming
Published
2024-12-11
Title
Password for WP < 1.6 - Stored XSS via CSRF
Published
2023-06-26
Title
AutomateWoo < 5.7.6 - Cross-Site Request Forgery
Published
2026-03-03
Title
WooCommerce < 10.5.3 - Arbitrary Admin User Creation via CSRF
Published
2025-03-28
Title
WP Supersized <= 3.1.6 - Cross-Site Request Forgery