CVE-2025-48342: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability affects RedefiningTheWeb Dynamic Pricing & Discounts Lite for WooCommerce plugin through version 2.0.3. The vulnerability was discovered and reported on March 24, 2025, and publicly disclosed on May 19, 2025 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L. The attack vector is network-based, requires low attack complexity, needs no privileges, but does require user interaction. The scope is unchanged, with low impact on integrity and availability, and no impact on confidentiality (NVD).

This vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The severity is considered low, with limited impact on system integrity and availability (Patchstack).

As of the disclosure date, no official fix is available for this vulnerability. The security issue has been classified as having a low severity impact, and virtual patching is deemed unnecessary according to the security assessment (Patchstack).