CVE-2025-28876 identifies a Cross-Site Request Forgery (CSRF) vulnerability in the Skrill Official plugin for WooCommerce, maintained by Skrill_Team. The affected versions include all releases up to and including 1.0.66. CSRF vulnerabilities occur when a web application does not properly verify that requests made to it originate from legitimate users, allowing attackers to craft malicious web pages that cause authenticated users to unknowingly execute unwanted actions. In this case, the Skrill Official plugin lacks sufficient anti-CSRF protections such as tokens or proper referer validation, enabling attackers to perform unauthorized operations on behalf of logged-in users. This can lead to unauthorized changes in payment settings, initiation of transactions, or other actions supported by the plugin's interface. The vulnerability does not require the attacker to have direct access credentials but does require the victim to be authenticated and visit a malicious site. No CVSS score has been assigned yet, and no public exploits have been reported. The plugin is widely used in WooCommerce-based e-commerce platforms to facilitate Skrill payments, making this vulnerability relevant to online merchants using this payment gateway.

The primary impact of this CSRF vulnerability is on the integrity and potentially the confidentiality of payment-related operations within WooCommerce stores using the Skrill Official plugin. Attackers can induce authenticated users to perform unintended actions such as modifying payment configurations, initiating fraudulent transactions, or altering user account details related to Skrill payments. This can lead to financial losses, reputational damage, and disruption of e-commerce operations. Since the vulnerability requires the victim to be logged in, the scope is limited to active users with sufficient privileges, but given the nature of e-commerce transactions, even a limited number of successful attacks can have significant consequences. The availability of the service is less likely to be directly impacted, but indirect effects such as transaction disputes or service interruptions may occur. Organizations worldwide that rely on Skrill Official for payment processing in WooCommerce are at risk, especially those with high transaction volumes or sensitive financial data.

To mitigate CVE-2025-28876, organizations should immediately update the Skrill Official plugin to a version that includes a fix once available. In the absence of an official patch, administrators can implement the following measures: 1) Employ web application firewalls (WAFs) with rules to detect and block CSRF attack patterns targeting the plugin endpoints. 2) Enforce strict same-site cookie attributes (SameSite=Lax or Strict) to reduce the risk of CSRF attacks via cross-origin requests. 3) Educate users to avoid clicking suspicious links or visiting untrusted websites while logged into their WooCommerce admin accounts. 4) Implement additional server-side validation for critical actions, such as requiring re-authentication or CAPTCHA challenges. 5) Monitor logs for unusual activity related to Skrill Official plugin endpoints to detect potential exploitation attempts. 6) Consider temporarily disabling the Skrill Official plugin if immediate patching is not possible and alternative payment methods are available. These steps will help reduce the risk until a patched version is deployed.