CVE-2025-12095 Simple Registration for WooCommerce <= 1.5.8 - Cross-Site Request Forgery to Privilege Escalation via Role Request Approval

The Simple Registration for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.8. This is due to missing nonce validation on the role requests admin page handler in the includes/display-role-admin.php file. This makes it possible...

CVE-2025-12095 Simple Registration for WooCommerce <= 1.5.8 - Cross-Site Request Forgery to Privilege Escalation via Role Request Approval

The Simple Registration for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.8. This is due to missing nonce validation on the role requests admin page handler in the includes/display-role-admin.php file. This makes it possible...

CVE-2025-12095

CVE-2025-12095 concerns the WordPress plugin Simple Registration for WooCommerce (up to version 1.5.8). The root cause is missing nonce validation on the role-requests admin page handler in includes/display-role-admin.php, enabling CSRF that can privilege-escalate via forged requests if an admin ...