What the vulnerability does
01 Description
A Cross-Site Request Forgery (CSRF) vulnerability in michalzagdan's TrustMate.io – WooCommerce integration plugin (trustmate-io-integration-for-woocommerce) allows Cross-Site Request Forgery. This issue affects TrustMate.io – WooCommerce integration: from n/a through <= 1.16.0.
Explanation of Vulnerability in Simple Terms
02 Summary
TrustMate.io WooCommerce integration versions up to 1.16.0 contain a cross-site request forgery (CSRF) vulnerability. An attacker can craft a malicious link or page that, when visited by a logged-in site administrator, performs unwanted actions on the WooCommerce store without the admin's knowledge or consent. The vulnerability requires user interaction and does not expose sensitive data, but can modify store settings or data.
What an attacker can do
03 Attacker Capabilities
Trick a logged-in admin into performing unwanted actions on the WooCommerce store via a malicious link or page.
Potential impact on your site
04 Site Impact
Store settings or data could be altered without the admin's knowledge if they visit a compromised page while logged in.
Conditions required to exploit
05 Prerequisites
Admin must be logged in and visit an attacker-controlled page or click a malicious link.
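A detection-side view of the prerequisite above (an admin's browser sending a request that originated on another site), as an added example that is not part of this advisory or of the plugin: it reviews web-server access logs for state-changing `/wp-admin/` requests whose Referer host is not the store's own. The hostname `shop.example`, the combined log format and the sample lines are assumptions constructed for illustration; the advisory does not name the affected endpoint.

```python
import re
from urllib.parse import urlsplit

SITE_HOST = "shop.example"  # assumption: the store's own hostname

# Combined log format: ip - user [time] "METHOD target HTTP/x" status bytes "referer" ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)

def classify(line, site_host=SITE_HOST):
    """Return 'cross-origin', 'no-referer', or None for one access-log line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    target = urlsplit(m["target"])
    if not target.path.startswith("/wp-admin/"):
        return None
    # Only requests that can change state: POSTs, or GETs carrying parameters.
    if m["method"] != "POST" and not target.query:
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        return "no-referer"  # weaker signal: bookmarks and strict referrer policies
    ref_host = (urlsplit(referer).hostname or "").lower()
    # Exact host comparison, so "shop.example.other.example" does not pass as the site.
    return None if ref_host == site_host.lower() else "cross-origin"

def scan(lines, site_host=SITE_HOST):
    """Return (verdict, line) for every admin request worth reviewing."""
    verdicts = ((classify(line, site_host), line) for line in lines)
    return [(v, line) for v, line in verdicts if v]

# Constructed sample lines (documentation IP range, made-up hosts).
_P = '203.0.113.10 - - [01/Jan/2025:10:00:00 +0000] '
SAMPLE_LOG = [
    _P + '"POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "https://shop.example/wp-admin/admin.php?page=settings" "Mozilla/5.0"',
    _P + '"POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "https://other.example/promo.html" "Mozilla/5.0"',
    _P + '"GET /wp-admin/admin.php?page=settings&toggle=1 HTTP/1.1" 200 512 "https://shop.example.other.example/" "Mozilla/5.0"',
    _P + '"POST /wp-admin/admin-ajax.php HTTP/1.1" 200 20 "-" "Mozilla/5.0"',
    _P + '"GET /product/mug/ HTTP/1.1" 200 9000 "https://other.example/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for verdict, line in scan(SAMPLE_LOG):
        print(verdict, line)
```

The output is a review queue, not proof of exploitation: a cross-origin Referer on an admin request from an administrator's address is the pattern to correlate with unexpected setting changes.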
Key dates
06 Disclosure timeline
September 5, 2025: CVE published
May 13, 2026: Record updated