Woo Commerce Minimum Weight WordPress Plugin Cross-Site Request Forgery Vulnerability

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Woo Commerce Minimum Weight plugin for WordPress, affecting all versions up to and including 3.0.1. The vulnerability arises from a lack of nonce verification in the settings update handler of edit-weight.php. This flaw allows unauthenticated attackers to alter the minimum order weight setting by tricking a site administrator into clicking a link or visiting an attacker-controlled page that submits a forged POST request.
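The missing check, shown as an added example of how a WordPress settings handler binds a POST to a form the site itself rendered. This is not the plugin's code: the option name, action name, nonce field, text domain and settings page slug are hypothetical, and `manage_woocommerce` is assumed to be the appropriate capability.

```php
<?php
// Added example. wcmw_min_weight, wcmw_save_settings, wcmw_nonce and the
// wcmw-settings page slug are hypothetical names, not taken from the plugin.

// Vulnerable shape described in the advisory: the option changes on any POST
// the administrator's browser sends, because nothing ties the request to a
// form this site rendered.
//   if ( isset( $_POST['wcmw_min_weight'] ) ) {
//       update_option( 'wcmw_min_weight', $_POST['wcmw_min_weight'] );
//   }

// Hardened form, part 1: emit a per-user, per-action nonce with the form.
function wcmw_render_settings_form() {
    $current = get_option( 'wcmw_min_weight', '0' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="wcmw_save_settings" />
        <?php wp_nonce_field( 'wcmw_save_settings', 'wcmw_nonce' ); ?>
        <input type="number" step="0.01" min="0" name="wcmw_min_weight"
               value="<?php echo esc_attr( $current ); ?>" />
        <?php submit_button(); ?>
    </form>
    <?php
}

// Hardened form, part 2: check capability and nonce before writing anything.
function wcmw_save_settings() {
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'wcmw' ), '', array( 'response' => 403 ) );
    }
    // Ends the request with a 403 page if the nonce is missing or invalid.
    check_admin_referer( 'wcmw_save_settings', 'wcmw_nonce' );

    $raw = isset( $_POST['wcmw_min_weight'] ) ? wp_unslash( $_POST['wcmw_min_weight'] ) : '';
    if ( ! is_numeric( $raw ) || (float) $raw < 0 ) {
        wp_die( esc_html__( 'Invalid weight.', 'wcmw' ), '', array( 'response' => 400 ) );
    }
    update_option( 'wcmw_min_weight', (string) (float) $raw );

    wp_safe_redirect( admin_url( 'admin.php?page=wcmw-settings&updated=1' ) );
    exit;
}
// admin_post_{action} only fires for logged-in users.
add_action( 'admin_post_wcmw_save_settings', 'wcmw_save_settings' );
```

A forged cross-site POST carries the administrator's session cookie but cannot supply a valid `wcmw_nonce`, so `check_admin_referer()` stops the request before `update_option()` runs.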

Impact

Exploitation of this vulnerability allows for unauthorized modification of the minimum order weight setting, potentially leading to incorrect order processing or weight-based shipping calculations.

Added: May 12, 2026, 9:31 AM
Updated: May 12, 2026, 9:31 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.9
remediation: 0.0
relevance: 8.1
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.