Impact
The vulnerability is a Cross-Site Request Forgery (CSRF) flaw in the Imdad Next Web iNext Woo Pincode Checker plugin. The plugin fails to verify CSRF tokens, and the CVE description indicates that any request matching the plugin's expected pattern is accepted. Based on this description, an attacker could trigger plugin actions that normally require an authenticated session, potentially causing unauthorized modifications to the data that the plugin handles. The impact is on the integrity of plugin-managed data; the rest of the WordPress installation is unaffected unless the plugin performs critical configuration tasks.
Affected Systems
WordPress sites running the Imdad Next Web iNext Woo Pincode Checker plugin version 2.3.1 or older are impacted. The issue covers all versions from the earliest available through 2.3.1.
Risk and Exploitability
The CVSS score of 4.3 reflects moderate severity, and the EPSS score of less than 1% indicates a very low exploitation probability at the time of this analysis. The vulnerability is not in the CISA KEV catalog. While the CVE does not specify the exact attack path, CSRF usually requires a victim to be authenticated and to have an active session on the site; an attacker could embed a malicious form or link that submits a request to the vulnerable plugin endpoint. This inference is based on typical CSRF mechanisms, not on details supplied in the CVE.