Impact
The vulnerability is a cross‑site request forgery flaw that permits attackers to trigger unauthorized state‑changing actions within the WP EasyPay plugin on a WordPress site. The CVE description does not explicitly state the necessary user session context, but it can be inferred that an authenticated user would be required to carry out the exploited requests, enabling the attacker to create or modify payment settings, user accounts, or other data, thereby compromising confidentiality and integrity.
Affected Systems
The affected product is Saad Iqbal WP EasyPay plugin, all publicly available releases from arbitrarily early versions up to and including version 4.5.0 are impacted. No specific patch level or configuration details are enumerated beyond the version range.
Risk and Exploitability
The CVSS score of 6.5 indicates moderate severity. The EPSS of less than 1% suggests a low likelihood of widespread exploitation at this time. The CVE description does not explicitly state the exact attack vector; however, based on common CSRF characteristics, it is inferred that an attacker would need the victim to be logged in to the WordPress site and the ability to induce that user to submit a crafted request to the plugin's endpoints. The vulnerability is not listed in the CISA KEV catalog.
OpenCVE Enrichment