CVE-2025-30857 identifies a Cross-Site Request Forgery (CSRF) vulnerability in the PressMaximum Currency Switcher plugin for WooCommerce, specifically in versions up to and including 0.0.7. The vulnerability allows attackers to trick authenticated users into executing unwanted actions without their consent by exploiting the lack of proper CSRF protections in the plugin. This can lead to stored Cross-Site Scripting (XSS) attacks, where malicious scripts are injected and persist within the application, potentially compromising user sessions, stealing sensitive data, or altering site content. The vulnerability arises because the plugin does not validate the origin or authenticity of requests that modify currency switching settings or related functionalities. Since WooCommerce is a widely used e-commerce platform on WordPress, this vulnerability affects online stores using this plugin, exposing them to risks such as session hijacking, unauthorized configuration changes, and malicious code execution. Although no known exploits are currently in the wild, the vulnerability is publicly disclosed and can be targeted by attackers. The absence of a CVSS score indicates the need for a manual severity assessment, considering the attack vector, impact on confidentiality, integrity, and availability, and the scope of affected systems. The plugin's market penetration in e-commerce sites globally, especially in countries with high WooCommerce adoption, increases the potential impact. The vulnerability requires no user interaction beyond visiting a malicious site, making it easier to exploit. The lack of a patch at the time of disclosure necessitates immediate mitigation efforts by administrators.

The impact of CVE-2025-30857 is significant for organizations running WooCommerce stores with the vulnerable PressMaximum Currency Switcher plugin. Successful exploitation can lead to unauthorized actions performed in the context of authenticated users, including administrators, resulting in stored XSS attacks. This compromises the confidentiality of user data and session tokens, potentially allowing attackers to hijack sessions, steal sensitive customer information, or inject malicious scripts that affect site visitors. Integrity is also at risk as attackers can alter currency settings or other plugin configurations, disrupting e-commerce operations and potentially causing financial loss or reputational damage. Availability impact is moderate but could arise if malicious scripts disrupt normal site functionality or lead to denial-of-service conditions. The ease of exploitation without user interaction and the widespread use of WooCommerce amplify the threat's reach. Organizations may face regulatory compliance issues if customer data is compromised. The absence of known exploits in the wild currently limits immediate widespread damage but does not reduce the urgency of addressing the vulnerability.

Organizations should prioritize updating the PressMaximum Currency Switcher plugin to a patched version once available from the vendor. Until a patch is released, administrators should implement manual CSRF protections, such as adding nonce verification or token validation to all state-changing requests within the plugin. Input validation and output encoding should be enforced to prevent stored XSS payloads from executing. Restricting administrative access and enforcing least privilege principles can reduce the risk of exploitation. Web Application Firewalls (WAFs) can be configured to detect and block suspicious CSRF and XSS attack patterns targeting the plugin endpoints. Monitoring logs for unusual activity related to currency switching or plugin configuration changes can help detect exploitation attempts. Additionally, educating users about the risks of visiting untrusted websites while authenticated can reduce exposure. Regular security audits and vulnerability scanning of WordPress plugins should be part of ongoing security hygiene.