Impact
The vulnerability is a classic CSRF flaw (CWE‑352) that allows an attacker to submit a forged request from a malicious site and alter the configuration of the Product Quantity Dropdown For Woocommerce plugin. Because the plugin accepts state‑changing requests without verifying the request origin, any authenticated user who visits an attacker‑controlled page can trigger a form submission that reconfigures the plugin’s options. The compromised settings can hide or display product quantity fields, thereby disrupting the ordering flow. No direct code execution or data disclosure occurs, so the impact is limited to configuration integrity and user experience.
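The missing origin check, as an added example that is not the plugin's own code: a WordPress settings form and handler that reject forged cross-site submissions by pairing a capability check with a nonce. The `pqd_` function, option, and page names are hypothetical.

```php
<?php
// Added example: hypothetical names (pqd_*), not the plugin's real identifiers.

// Render the settings form with a nonce tied to the current user and this action.
function pqd_render_settings_form() {
    $show = get_option( 'pqd_show_dropdown', 'yes' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="pqd_save_settings">
        <?php wp_nonce_field( 'pqd_save_settings', 'pqd_nonce' ); ?>
        <label>
            <input type="checkbox" name="pqd_show_dropdown" value="yes"
                <?php checked( $show, 'yes' ); ?>>
            Show quantity dropdown
        </label>
        <?php submit_button(); ?>
    </form>
    <?php
}

// Handle the POST. The admin_post_* hook fires only for logged-in users,
// which is exactly why a logged-in victim's browser can reach it cross-site.
add_action( 'admin_post_pqd_save_settings', 'pqd_save_settings' );

function pqd_save_settings() {
    // Authorization: only users allowed to manage options may change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // CSRF check: stops the request unless a valid nonce for this action
    // is present. A forged form on another site cannot know this value.
    check_admin_referer( 'pqd_save_settings', 'pqd_nonce' );

    // An unchecked checkbox is absent from the POST body, so map to yes/no.
    $show = isset( $_POST['pqd_show_dropdown'] ) ? 'yes' : 'no';
    update_option( 'pqd_show_dropdown', $show );

    wp_safe_redirect( admin_url( 'options-general.php?page=pqd-settings' ) );
    exit;
}
```

Removing the `wp_nonce_field()` and `check_admin_referer()` lines reproduces the weakness class described above: the handler would then accept any POST that arrives with the victim's session cookie.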
Affected Systems
Silverplugins217’s Product Quantity Dropdown For Woocommerce plugin for WordPress is affected through version 1.2, including all earlier releases. Sites that have the plugin installed and active are vulnerable, especially those with administrators or other users who have rights to modify the plugin settings.
Risk and Exploitability
The CVSS score of 4.3 denotes moderate severity, and the EPSS score of less than 1 % indicates a very low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog, further suggesting limited real‑world exploitation. Because the flaw requires the victim to be authenticated and to visit a malicious page, the success of an attack depends on social engineering or compromised credentials. While the risk to data confidentiality or integrity is minimal, the potential to disrupt the ordering process may degrade customer trust.