cleantalk
Vulnerabilities and Security Researches

Woo Commerce Minimum Weight, CVE-2026-6932

CVE, Research URL

CVE-2026-6932

Home page URL

Security reports for Woo Commerce Minimum Weight

Application

Woo Commerce Minimum Weight

Published on
May 12, 2026
Research Description
The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due to missing nonce verification on the settings update handler in edit-weight.php. This makes it possible for unauthenticated attackers to modify the minimum order weight setting by tricking a site administrator into clicking a link or visiting an attacker-controlled page containing a forged POST request.
Affected versions
max 3.0.1.
Status
vulnerable
Previous vulnerability researches
LifePress (CVE-2025-53337) , Aug 24, 2025
LifePress (CVE-2026-24563) , Jan 27, 2026
LifePress (CVE-2026-6690) , May 14, 2026
New vulnerability
Views for WPForms – Display & Edit WPForms Entries on your site frontend (CVE-2026-42742) , May 14, 2026
LifePress (CVE-2026-6690) , May 14, 2026
Woo Commerce Minimum Weight (CVE-2026-6932) , May 14, 2026
OceanWP (CVE-2025-8944) , May 14, 2026
130+ Widgets | Best Addons For Elementor – FREE (CVE-2026-45214) , May 14, 2026