CVE-2025-57905
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | agreeme_checkboxes_for_woocommerce | 1.1.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the AgreeMe Checkboxes For WooCommerce plugin (versions up to 1.1.3). It allows an attacker to trick authenticated users with higher privileges into performing unintended actions on the site without their consent, potentially compromising site integrity. The attacker does not need to be authenticated themselves to exploit this vulnerability. [1]
How can this vulnerability impact me?
The impact of this vulnerability is that an attacker can cause privileged users to unknowingly execute actions that may alter site settings or data, leading to compromised site integrity. Although the severity is considered low and exploitation is unlikely to be widespread, it can still result in unauthorized changes or disruptions within the affected WooCommerce plugin environment. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this CSRF vulnerability involves monitoring for unusual or unauthorized actions performed by authenticated users, as the vulnerability allows attackers to trick such users into unintended actions. Since no specific detection commands are provided, general recommendations include server-side malware scanning and monitoring web server logs for suspicious POST requests or unexpected changes related to the AgreeMe Checkboxes For WooCommerce plugin. Employing professional incident response services is also advised if compromise is suspected. [1]
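The log-monitoring recommendation above, as an added example that is not part of this record or of Patchstack's tooling: a small Python triage script that parses standard combined-format web server log lines and flags POST requests to WordPress's state-changing admin endpoints whose Referer header is absent or names a host other than the site itself. The log lines, the site host shop.example, the client addresses and the ajax action name are all constructed for illustration; this page does not name the plugin's own handlers, so the script watches the core WordPress entry points (admin-post.php, admin-ajax.php, options.php) that plugin settings forms and AJAX actions are submitted through.

```python
import re
from urllib.parse import urlsplit

# Combined Log Format as written by Apache and nginx by default.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Core WordPress endpoints through which plugin settings forms and AJAX
# actions are submitted. A forged cross-site request aimed at a plugin
# handler normally lands on one of these.
STATE_CHANGING_PATHS = {
    "/wp-admin/admin-post.php",
    "/wp-admin/admin-ajax.php",
    "/wp-admin/options.php",
}


def parse_line(line):
    """Return a dict of fields for one access-log line, or None if unparsable."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def referer_host(referer):
    """Hostname from the Referer value; None when the header was absent ('-')."""
    if not referer or referer == "-":
        return None
    return (urlsplit(referer).hostname or "").lower()


def is_suspicious_post(entry, site_host):
    """True for a POST to a state-changing WordPress endpoint whose Referer is
    missing or points at another host. Browsers send a same-site Referer for
    legitimate admin form submissions, so either condition deserves a look;
    it is a triage signal, not proof of a forged request."""
    if entry["method"] != "POST":
        return False
    path = entry["path"].split("?", 1)[0]
    if path not in STATE_CHANGING_PATHS:
        return False
    return referer_host(entry["referer"]) != site_host.lower()


def scan(lines, site_host):
    """Return (client_ip, path, referer) for every suspicious POST in lines."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and is_suspicious_post(entry, site_host):
            hits.append((entry["ip"], entry["path"], entry["referer"]))
    return hits


# Constructed sample log lines (not real traffic); the site host is shop.example.
SAMPLE_LOG = [
    '198.51.100.7 - - [22/Sep/2025:10:15:01 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "https://shop.example/wp-admin/admin.php?page=plugin-settings" "Mozilla/5.0"',
    '198.51.100.7 - - [22/Sep/2025:10:17:44 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "http://other-site.invalid/page.html" "Mozilla/5.0"',
    '203.0.113.9 - - [22/Sep/2025:10:18:02 +0000] "POST /wp-admin/admin-ajax.php?action=save HTTP/1.1" 200 14 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [22/Sep/2025:10:18:05 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 14 "http://other-site.invalid/" "Mozilla/5.0"',
    '192.0.2.33 - - [22/Sep/2025:10:20:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "http://other-site.invalid/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, path, ref in scan(SAMPLE_LOG, "shop.example"):
        print(f"suspicious POST from {ip} to {path} (Referer: {ref})")
```

On the constructed sample the script flags the off-site POST to admin-post.php and the Referer-less POST to admin-ajax.php, and ignores the same-site submission, the GET and the login POST. Treat a hit as a reason to check what that request changed, not as confirmation: privacy extensions and some referrer policies strip the header on legitimate submissions, and a log review cannot substitute for the plugin verifying its nonces (or for the vPatch doing so in front of it).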
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) offered by Patchstack, which provides automatic protection despite the absence of an official fix. Additionally, users should monitor for updates from the plugin developer or Patchstack, implement server-side malware scanning, restrict user privileges where possible, and consider professional incident response if compromise is suspected. [1]