What the vulnerability does
01 Description
Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Min Max Step Quantity Limits Manager for WooCommerce (product-quantity-for-woocommerce) allows Cross-Site Request Forgery. This issue affects Min Max Step Quantity Limits Manager for WooCommerce: from n/a through <= 5.1.0.
Explanation of Vulnerability in Simple Terms
02 Summary
The Min Max Step Quantity Limits Manager for WooCommerce plugin through version 5.1.0 is vulnerable to cross-site request forgery (CSRF). An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unwanted actions on the WooCommerce store without the admin's knowledge or consent. This could allow modification of product quantity settings or other plugin configurations.
What an attacker can do
03 Attacker Capabilities
Perform unwanted actions on the WooCommerce store by tricking an admin into visiting a malicious webpage.
Potential impact on your site
04 Site Impact
An attacker could alter product quantity limits or other plugin settings without your permission if you click a malicious link while logged in.
Conditions required to exploit
05 Prerequisites
An admin must be logged in and visit a page controlled by the attacker (e.g., by clicking a link in an email or on social media).
Key dates
06 Disclosure timeline
June 10, 2025: CVE published
April 28, 2026: Record updated