CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-30854: WordPress Serial Codes Generator and Validator with WooCommerce Support plugin <= 2.7.7 - Cross Site Request Forgery (CSRF) vulnerability

4.3 CVSS

Description

Cross-Site Request Forgery (CSRF) vulnerability in Saso Serial Codes Generator and Validator with WooCommerce Support allows Cross Site Request Forgery. This issue affects Serial Codes Generator and Validator with WooCommerce Support: from n/a through 2.7.7.

Classification

CVE ID: CVE-2025-30854

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Problem Types

CWE-352 Cross-Site Request Forgery (CSRF)

Affected Products

Vendor: Saso

Product: Serial Codes Generator and Validator with WooCommerce Support

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.17% (scored less or equal to compared to others)

EPSS Date: 2025-04-25 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-30854
https://patchstack.com/database/wordpress/plugin/serial-codes-generator-and-validator/vulnerability/wordpress-serial-codes-generator-and-validator-with-woocommerce-support-plugin-2-7-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

Timeline

2025-03-27 11:40:12 UTC
CVE

WordPress Serial Codes Generator and Validator with WooCommerce Support plugin <= 2.7.7 - Cross Site Request Forgery (CSRF) vulnerability