This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the codemstory 워드프레스 결제 심플페이 plugin for WooCommerce, affecting versions up to 5.2.11. CSRF vulnerabilities allow attackers to induce users to perform actions without their consent, leveraging the user's authenticated session. The CVSS 3.1 vector indicates the attack can be performed remotely over the network with low attack complexity, no privileges required, and requires user interaction. The impact is limited to integrity and availability, with no confidentiality impact reported. No patch or mitigation details are currently provided by the vendor or advisory sources.

An attacker could exploit this CSRF vulnerability to cause unintended actions on behalf of an authenticated user, potentially leading to limited integrity and availability impacts within the affected plugin. There is no indication of confidentiality compromise. The medium CVSS score reflects moderate risk, but no active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch or official fix is available, users should exercise caution with the affected plugin and consider disabling it if possible. Implementing standard CSRF protections or using security plugins that provide CSRF mitigation may reduce risk, but no vendor-specific mitigation is documented.