CVE-2025-48342 MEDIUM

CVE-2025-48342: WordPress Dynamic Pricing & Discounts Lite for WooCommerce plugin <= 2.0.3 - Cross Site Request Forgery (CSRF) vulnerability

Vendor: Redefiningtheweb
Product: Dynamic Pricing & Discounts Lite for WooCommerce
Weakness: CWE-352 · CSRF
Published: May 19, 2025
Last update: April 28, 2026

CVSS base score

5.4/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: None
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

What the vulnerability does

01 Description

Cross-Site Request Forgery (CSRF) vulnerability in RedefiningTheWeb Dynamic Pricing & Discounts Lite for WooCommerce (woo-dynamic-pricing-discounts-lite) allows Cross-Site Request Forgery. This issue affects Dynamic Pricing & Discounts Lite for WooCommerce: from n/a through <= 2.0.4.

Explanation of Vulnerability in Simple Terms

02 Summary

The Dynamic Pricing & Discounts Lite for WooCommerce plugin contains a cross-site request forgery (CSRF) vulnerability that allows attackers to perform unwanted actions on behalf of site administrators. An attacker can trick an admin into visiting a malicious page, which then makes unauthorized changes to pricing or discount settings. The vulnerability affects versions up to 2.0.4 and requires user interaction to exploit.

What an attacker can do

03 Attacker Capabilities

Trick a site admin into visiting a malicious page to modify pricing or discount settings without their knowledge.

Potential impact on your site

04 Site Impact

Attackers can alter your product pricing and discount rules, potentially causing revenue loss or customer confusion.

Conditions required to exploit

05 Prerequisites

Site admin must visit an attacker-controlled page while logged into WordPress.

Key dates

06 Disclosure timeline

May 19, 2025: CVE published
April 28, 2026: Record updated