CVE-2025-15635
Received Received - Intake
Cross-Site Request Forgery in Zaytech Smart Online Order

Publication date: 2026-04-15

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Cross-Site Request Forgery (CSRF) vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Cross Site Request Forgery.This issue affects Smart Online Order for Clover: from n/a through <= 1.6.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-15
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-04-15
EPSS Evaluated
2026-06-15
NVD
CVE-2025-15635
EUVD
EUVD-2025-209479
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
zaytech smart_online_order_for_clover From 1.0.0 (inc) to 1.6.0 (inc)
zaytech smart_online_order_for_clover to 1.6.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this Cross-Site Request Forgery (CSRF) vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2025-15635 is a Cross Site Request Forgery (CSRF) vulnerability affecting the WordPress Smart Online Order for Clover Plugin versions up to and including 1.6.0.

This vulnerability allows an attacker to trick higher privileged users into executing unwanted actions while authenticated, by having them perform actions such as clicking a malicious link, visiting a crafted page, or submitting a form.

The vulnerability requires no authentication to initiate but successful exploitation depends on user interaction by a privileged user.

It is classified under OWASP Top 10 A1: Broken Access Control and has a CVSS severity score of 4.3, indicating low severity and low priority.

Impact Analysis

This vulnerability could allow attackers to cause privileged users to perform unintended actions on the affected system without their consent.

Although the severity is considered low, it could be exploited in mass campaigns targeting many websites regardless of their traffic or popularity.

The impact is limited since exploitation requires user interaction and the vulnerability does not lead to direct data disclosure or system compromise.

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.

Mitigation Strategies

Immediate mitigation steps include updating the Smart Online Order for Clover plugin to a version beyond 1.6.0 if available.

If updating is not possible, seek assistance from your hosting provider or web developers to implement protective measures.

Since there is no official patch available as of the latest update, these steps are recommended to reduce the risk of exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15635. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart