{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-30854", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-03-26T09:21:01.288Z", "datePublished": "2025-03-27T10:55:28.301Z", "dateUpdated": "2026-04-01T15:47:46.133Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "serial-codes-generator-and-validator", "product": "Serial Codes Generator and Validator with WooCommerce Support", "vendor": "Vollstart", "versions": [{"changes": [{"at": "2.7.8", "status": "unaffected"}], "lessThanOrEqual": "2.7.7", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nguyen Xuan Chien | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:36:31.959Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support serial-codes-generator-and-validator allows Cross Site Request Forgery.<p>This issue affects Serial Codes Generator and Validator with WooCommerce Support: from n/a through <= 2.7.7.</p>"}], "value": "Cross-Site Request Forgery (CSRF) vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support serial-codes-generator-and-validator allows Cross Site Request Forgery.This issue affects Serial Codes Generator and Validator with WooCommerce Support: from n/a through <= 2.7.7."}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "Cross Site Request Forgery"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T15:47:46.133Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/serial-codes-generator-and-validator/vulnerability/wordpress-serial-codes-generator-and-validator-with-woocommerce-support-plugin-2-7-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "title": "WordPress Serial Codes Generator and Validator with WooCommerce Support plugin <= 2.7.7 - Cross Site Request Forgery (CSRF) vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-27T13:58:19.639624Z", "id": "CVE-2025-30854", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-27T14:01:38.555Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-30854", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-27T13:58:19.639624Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-27T13:58:21.006Z"}}], "cna": {"title": "WordPress Serial Codes Generator and Validator with WooCommerce Support plugin <= 2.7.7 - Cross Site Request Forgery (CSRF) vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Nguyen Xuan Chien (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Saso", "product": "Serial Codes Generator and Validator with WooCommerce Support", "versions": [{"status": "affected", "changes": [{"at": "2.7.8", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "2.7.7"}], "packageName": "serial-codes-generator-and-validator", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update the WordPress Serial Codes Generator and Validator with WooCommerce Support plugin to the latest available version (at least 2.7.8).", "supportingMedia": [{"type": "text/html", "value": "Update the WordPress Serial Codes Generator and Validator with WooCommerce Support plugin to the latest available version (at least 2.7.8).", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/serial-codes-generator-and-validator/vulnerability/wordpress-serial-codes-generator-and-validator-with-woocommerce-support-plugin-2-7-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Saso Serial Codes Generator and Validator with WooCommerce Support allows Cross Site Request Forgery. This issue affects Serial Codes Generator and Validator with WooCommerce Support: from n/a through 2.7.7.", "supportingMedia": [{"type": "text/html", "value": "<p>Cross-Site Request Forgery (CSRF) vulnerability in Saso Serial Codes Generator and Validator with WooCommerce Support allows Cross Site Request Forgery.</p><p>This issue affects Serial Codes Generator and Validator with WooCommerce Support: from n/a through 2.7.7.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-03-27T18:57:09.440Z"}}}, "cveMetadata": {"cveId": "CVE-2025-30854", "state": "PUBLISHED", "dateUpdated": "2025-03-27T18:57:09.440Z", "dateReserved": "2025-03-26T09:21:01.288Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-03-27T10:55:28.301Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support serial-codes-generator-and-validator allows Cross Site Request Forgery.This issue affects Serial Codes Generator and Validator with WooCommerce Support: from n/a through <= 2.7.7."}, {"lang": "es", "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Saso Serial Codes Generator and Validator with WooCommerce Support permite Cross-Site Request Forgery. Este problema afecta al generador y validador de c\u00f3digos de serie compatible con WooCommerce desde n/d hasta la versi\u00f3n 2.7.7."}], "id": "CVE-2025-30854", "lastModified": "2026-04-01T17:20:27.330", "metrics": {}, "published": "2025-03-27T11:15:46.390", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/serial-codes-generator-and-validator/vulnerability/wordpress-serial-codes-generator-and-validator-with-woocommerce-support-plugin-2-7-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{}