Description
Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator upc-ean-barcode-generator allows Cross Site Request Forgery. This issue affects UPC/EAN/GTIN Code Generator: from n/a through <= 2.0.2.
Published: 2025-10-22
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A CSRF flaw in the UPC/EAN/GTIN Code Generator plugin allows an attacker to cause a logged-in WordPress user to trigger the plugin's code generation or related actions without the user's consent. The vulnerability does not directly expose data or compromise the system, but it permits misuse of the user's permissions to perform unintended operations.

Affected Systems

WordPress installations running the UPC/EAN/GTIN Code Generator plugin version 2.0.2 or earlier are affected. No other versions or components are impacted by this issue.

Risk and Exploitability

The CVSS score of 4.3 corresponds to Medium severity. The EPSS score of < 1% indicates a low probability of exploitation, though it does not eliminate the risk. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a forged request sent to the plugin's endpoint, typically via a crafted URL or embedded link, while a legitimate user is authenticated to the site. Successful exploitation would allow the attacker to perform the plugin's functions as the victim.

Generated by OpenCVE AI on April 30, 2026 at 05:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the UPC/EAN/GTIN Code Generator plugin to the latest version that eliminates the CSRF flaw
  • If an upgrade is not feasible, deactivate or remove the plugin from the WordPress installation
  • Implement CSRF safeguards such as nonce verification or apply web application firewall rules to block forged requests


Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N'}
Values Added: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Thu, 13 Nov 2025 11:30:00 +0000


Thu, 13 Nov 2025 10:45:00 +0000


Fri, 24 Oct 2025 14:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 24 Oct 2025 13:30:00 +0000

Type: Metrics
Values Added: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N'}


Thu, 23 Oct 2025 10:30:00 +0000

Type: First Time appeared
Values Added: Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Added: Wordpress; Wordpress wordpress

Wed, 22 Oct 2025 14:45:00 +0000

Type: Description
Values Added: Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator upc-ean-barcode-generator allows Cross Site Request Forgery. This issue affects UPC/EAN/GTIN Code Generator: from n/a through <= 2.0.2.

Type: Title
Values Added: WordPress UPC/EAN/GTIN Code Generator plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability

Type: Weaknesses
Values Added: CWE-352

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:58.919Z

Reserved: 2025-10-07T15:34:03.910Z

Link: CVE-2025-62009

Vulnrichment

Updated: 2025-10-24T12:44:35.919Z

NVD

Status: Deferred

Published: 2025-10-22T15:16:02.780

Modified: 2026-06-17T09:51:12.020

Link: CVE-2025-62009

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T05:30:06Z

Weaknesses
  • CWE-352

    Cross-Site Request Forgery (CSRF)