Simple Registration for WooCommerce Cross-Site Request Forgery Vulnerability in WordPress
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Simple Registration for WooCommerce plugin for WordPress, affecting all versions through 1.5.8. The vulnerability arises from inadequate nonce validation in the role-requests admin page handler, located in the includes/display-role-admin.php file: the handler does not verify that an incoming approval request was intentionally submitted by the logged-in administrator rather than triggered from a third-party page. This flaw allows unauthenticated attackers to approve pending role requests and escalate user privileges by sending a forged request, provided they can deceive a site administrator into clicking a link.
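As an added illustration (not the plugin's actual code), the hypothetical handler below shows the class of flaw described above, an admin action that trusts any request reaching it, beside a hardened version using WordPress's nonce and capability APIs; all srwc_* names, the page slug and the query parameters are assumptions.

```php
<?php
// Added illustration, not code from the plugin. All srwc_* names, the page slug
// and the query parameters are hypothetical.

// Vulnerable pattern: the action runs whenever an administrator's browser sends
// the request, so a link on an attacker-controlled page is enough to trigger it.
function srwc_approve_request_insecure() {
    if ( ! isset( $_GET['approve_request'] ) ) { return; }
    $user = get_userdata( absint( $_GET['approve_request'] ) );
    if ( $user ) {
        $user->set_role( sanitize_key( $_GET['role'] ) ); // role chosen by whoever built the link
    }
}

// Hardened pattern: the approval link carries a nonce bound to the action and the
// target user, and the handler checks both the capability and the nonce.
function srwc_render_approve_link( $user_id, $role ) {
    $url = add_query_arg( array(
        'page'            => 'srwc-role-requests',
        'approve_request' => $user_id,
        'role'            => $role,
    ), admin_url( 'admin.php' ) );
    return wp_nonce_url( $url, 'srwc_approve_request_' . $user_id, 'srwc_nonce' );
}

function srwc_approve_request_secure() {
    if ( ! isset( $_GET['approve_request'] ) ) { return; }
    $user_id = absint( $_GET['approve_request'] );

    // Capability first: a valid nonce never substitutes for authorization.
    if ( ! current_user_can( 'promote_users' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'srwc' ), 403 );
    }
    // check_admin_referer() stops with a 403 if the nonce is missing, stale or forged.
    check_admin_referer( 'srwc_approve_request_' . $user_id, 'srwc_nonce' );

    // Only roles the plugin is meant to grant; never pass $_GET['role'] through directly.
    $allowed_roles = array( 'customer', 'shop_manager' );
    $role = isset( $_GET['role'] ) ? sanitize_key( $_GET['role'] ) : '';
    if ( ! in_array( $role, $allowed_roles, true ) ) {
        wp_die( esc_html__( 'Invalid role.', 'srwc' ), 400 );
    }

    $user = get_userdata( $user_id );
    if ( $user ) { $user->set_role( $role ); }
}
add_action( 'admin_init', 'srwc_approve_request_secure' );
```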
Impact
Exploitation of this vulnerability could lead to unauthorized approval of role requests, allowing attackers to escalate privileges on the affected WordPress site.
Remediation
Users are advised to update the Simple Registration for WooCommerce plugin to version 1.5.9 or a newer patched version.