What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in Matat Technologies Deliver via Shipos for WooCommerce wc-shipos-delivery allows Cross Site Request Forgery.This issue affects Deliver via Shipos for WooCommerce: from n/a through <= 3.0.2.
Explanation of Vulnerability in Simple Terms
02Summary
The Deliver via Shipos for WooCommerce plugin contains a cross-site request forgery (CSRF) vulnerability that allows attackers to perform unwanted actions on behalf of site administrators. An attacker can craft a malicious link or page that, when visited by an admin, executes unauthorized requests. The vulnerability affects versions 3.0.2 and earlier. Site owners should update to a version newer than 3.0.2 when available.
What an attacker can do
03Attacker Capabilities
Trick an admin into performing unwanted actions via a malicious link or page.
Potential impact on your site
04Site Impact
Attackers can modify plugin settings or perform actions without admin consent if an admin visits a malicious page.
Conditions required to exploit
05Prerequisites
Admin must visit a malicious page or click a crafted link while logged in.
Key dates
06Disclosure timeline
September 22, 2025
CVE published
April 28, 2026
Record updated