What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator upc-ean-barcode-generator allows Cross Site Request Forgery.This issue affects UPC/EAN/GTIN Code Generator: from n/a through <= 2.0.2.
Explanation of Vulnerability in Simple Terms
02Summary
The UPC/EAN/GTIN Code Generator through version 2.0.2 is vulnerable to cross-site request forgery (CSRF). An attacker can trick a site administrator into performing unintended actions by crafting a malicious link or page. The vulnerability requires the admin to click the link while logged in. No authentication bypass or data theft occurs, but the attacker can modify site settings or data.
What an attacker can do
03Attacker Capabilities
Trick a logged-in admin into performing unintended actions on the site via a malicious link.
Potential impact on your site
04Site Impact
An attacker can modify plugin settings or data if they trick an admin into clicking a crafted link.
Conditions required to exploit
05Prerequisites
Admin must click a malicious link while logged into the site.
Key dates
06Disclosure timeline
October 22, 2025
CVE published
April 28, 2026
Record updated