Vulnerabilities and security researches forwoo-commerce-min-weight woo-commerce-min-weight

May 14, 2026

CVE, Research URL: CVE-2026-6932
Home page URL: Security reports for Woo Commerce Minimum Weight
Application: Woo Commerce Minimum Weight
Date: May 12, 2026
Research Description: The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due to missing nonce verification on the settings update handler in edit-weight.php. This makes it possible for unauthenticated attackers to modify the minimum order weight setting by tricking a site administrator into clicking a link or visiting an attacker-controlled page containing a forged POST request.
Affected versions: max 3.0.1.
Status: vulnerable