CVE-2025-39453: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in algol.plus Advanced Dynamic Pricing for WooCommerce plugin, affecting versions through 4.9.3. The vulnerability was reported on March 24, 2025, by researcher lucky_buddy and was officially published on April 17, 2025 (Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) and received a CVSS v3.1 Base Score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges, but does require user interaction. The scope is unchanged, with low impact on integrity and no impact on confidentiality or availability (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The impact is specifically related to settings changes in the Advanced Dynamic Pricing for WooCommerce plugin (Patchstack).

The vulnerability has been fixed in version 4.9.5 of the Advanced Dynamic Pricing for WooCommerce plugin. Users are advised to update to version 4.9.5 or later to remove the vulnerability (Patchstack).