What the vulnerability does
01 Description
Cross-Site Request Forgery (CSRF) vulnerability in RedefiningTheWeb Dynamic Pricing & Discounts Lite for WooCommerce (woo-dynamic-pricing-discounts-lite) allows Cross-Site Request Forgery. This issue affects Dynamic Pricing & Discounts Lite for WooCommerce: from n/a through <= 2.0.4.
Explanation of Vulnerability in Simple Terms
02 Summary
The Dynamic Pricing & Discounts Lite for WooCommerce plugin contains a cross-site request forgery (CSRF) vulnerability that allows attackers to perform unwanted actions on behalf of site administrators. An attacker can trick an admin into visiting a malicious page, which then makes unauthorized changes to pricing or discount settings using the admin's logged-in session. The vulnerability affects versions up to and including 2.0.4 and requires user interaction to exploit.
What an attacker can do
03 Attacker Capabilities
Trick a site admin into visiting a malicious page to modify pricing or discount settings without their knowledge.
Potential impact on your site
04 Site Impact
Attackers can alter your product pricing and discount rules, potentially causing revenue loss or customer confusion.
Conditions required to exploit
05 Prerequisites
Site admin must visit an attacker-controlled page while logged into WordPress.
Key dates
06 Disclosure timeline
May 19, 2025: CVE published
April 28, 2026: Record updated