This vulnerability is a Cross-Site Request Forgery (CSRF) in the Dynamic Pricing & Discounts Lite for WooCommerce plugin (version ≤ 2.0.4) by RedefiningTheWeb. It allows an attacker to induce an authenticated user to perform unintended actions via crafted requests, potentially altering plugin configurations or discount rules. The CVSS 3.1 base score is 5.4 (medium), with network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, no confidentiality impact, low integrity impact, and low availability impact. The vulnerability is publicly disclosed but lacks an official patch or mitigation guidance from the vendor.

The vulnerability can lead to unauthorized modification of plugin settings or discount rules through CSRF attacks, impacting the integrity and availability of the affected WooCommerce plugin's functionality. There is no impact on confidentiality. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, consider implementing CSRF protections such as verifying nonces or tokens on sensitive actions and restricting access to trusted users only. Monitor for updates from RedefiningTheWeb regarding patches or official mitigations.