Primary

Context

A1POST.BG Shipping for Woo Privilege Escalation Vulnerability via Cross-Site Request Forgery

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the A1POST.BG Shipping for Woo plugin, versions prior to 1.5.1. This vulnerability allows for privilege escalation, as it could enable a malicious actor to manipulate users with higher privileges into performing unintended actions.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing lower-privileged users to gain higher-level access or rights within the application.

Remediation

Users of the A1POST.BG Shipping for Woo plugin should update to version 1.5.1 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

A1POST.BG Shipping for Woo Privilege Escalation Vulnerability via Cross-Site Request Forgery

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating