Primary

Context

Conversios All-in-One Google Analytics and Product Feed Manager for WooCommerce Cross-Site Request Forgery Vulnerability

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Conversios All-in-One Google Analytics, Pixels and Product Feed Manager for WooCommerce plugin, affecting versions through 5.2.3. This vulnerability allows attackers to manipulate plugin settings by exploiting the absence of proper CSRF protections.

Impact

Exploitation could enable attackers to force users with higher privileges to make unintended changes to the plugin settings, potentially leading to broader security issues.

Remediation

Users of the affected plugin should update to version 5.2.4 or later. Patchstack users can enable auto-update for vulnerable plugins.

Added: May 15, 2026, 12:21 PM

Updated: May 15, 2026, 12:21 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Conversios All-in-One Google Analytics and Product Feed Manager for WooCommerce Cross-Site Request Forgery Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Conversios.io All-in-one Google Analytics, Pixels and Product Feed Manager

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating