CVE-2025-15635
Received Received - Intake

Cross-Site Request Forgery in Zaytech Smart Online Order

Vulnerability report for CVE-2025-15635, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-15

Last updated on: 2026-04-23

Assigner: Patchstack

Description

Cross-Site Request Forgery (CSRF) vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Cross Site Request Forgery.This issue affects Smart Online Order for Clover: from n/a through <= 1.6.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-15
Last Modified
2026-04-23
Generated
2026-07-06
AI Q&A
2026-04-15
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
zaytech smart_online_order_for_clover From 1.0.0 (inc) to 1.6.0 (inc)
zaytech smart_online_order_for_clover to 1.6.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this Cross-Site Request Forgery (CSRF) vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2025-15635 is a Cross Site Request Forgery (CSRF) vulnerability affecting the WordPress Smart Online Order for Clover Plugin versions up to and including 1.6.0.

This vulnerability allows an attacker to trick higher privileged users into executing unwanted actions while authenticated, by having them perform actions such as clicking a malicious link, visiting a crafted page, or submitting a form.

The vulnerability requires no authentication to initiate but successful exploitation depends on user interaction by a privileged user.

It is classified under OWASP Top 10 A1: Broken Access Control and has a CVSS severity score of 4.3, indicating low severity and low priority.

Impact Analysis

This vulnerability could allow attackers to cause privileged users to perform unintended actions on the affected system without their consent.

Although the severity is considered low, it could be exploited in mass campaigns targeting many websites regardless of their traffic or popularity.

The impact is limited since exploitation requires user interaction and the vulnerability does not lead to direct data disclosure or system compromise.

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.

Mitigation Strategies

Immediate mitigation steps include updating the Smart Online Order for Clover plugin to a version beyond 1.6.0 if available.

If updating is not possible, seek assistance from your hosting provider or web developers to implement protective measures.

Since there is no official patch available as of the latest update, these steps are recommended to reduce the risk of exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15635. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart