Vulnerabilities and security researches forconditional-shipping-for-woocommerce conditional-shipping-for-woocommerce

Apr 18, 2025

CVE, Research URL: CVE-2025-39564
Home page URL: Security reports for Conditional Shipping for WooCommerce
Application: Conditional Shipping for WooCommerce
Date: Apr 16, 2025
Research Description: Conditional Shipping for WooCommerce [conditional-shipping-for-woocommerce] < 3.4.1 CVE-2025-39564 [en] Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Conditional Shipping for WooCommerce allows Cross Site Request Forgery. This issue affects Conditional Shipping for WooCommerce: from n/a through 3.4.0.
Affected versions: Min -, max -.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: 80e91b2d1641afe97edd2816ac7a5659ebcba5d2
Home page URL: Security reports for Conditional Shipping for WooCommerce
Application: Conditional Shipping for WooCommerce
Date: Dec 12, 2022
Research Description: Conditional Shipping for WooCommerce [conditional-shipping-for-woocommerce] < 2.3.2 Conditional Shipping for WooCommerce <= 2.3.1 - Cross-Site Request Forgery The Conditional Shipping for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on the toggle_ruleset function. This makes it possible for unauthenticated attackers to invoke this function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-46815
Home page URL: Security reports for Conditional Shipping for WooCommerce
Application: Conditional Shipping for WooCommerce
Date: Feb 03, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 versions.
Affected versions: Min -, max -.
Status: vulnerable