
CVE-2025-53569: CWE-352 Cross-Site Request Forgery (CSRF) in Trust Payments Trust Payments Gateway for WooCommerce (JavaScript Library)

Severity: Medium
Tags: Vulnerability, CVE-2025-53569, CWE-352
Published: Fri Jul 04 2025 (07/04/2025, 08:42:02 UTC)
Source: CVE Database V5
Vendor/Project: Trust Payments
Product: Trust Payments Gateway for WooCommerce (JavaScript Library)

Description

Cross-Site Request Forgery (CSRF) vulnerability in Trust Payments Trust Payments Gateway for WooCommerce (JavaScript Library) allows Cross Site Request Forgery. This issue affects Trust Payments Gateway for WooCommerce (JavaScript Library): from n/a through 1.3.6.

AI-Powered Analysis

AI analysis last updated: 07/14/2025, 21:30:08 UTC

Technical Analysis

CVE-2025-53569 is a Cross-Site Request Forgery (CSRF) vulnerability identified in the Trust Payments Gateway for WooCommerce JavaScript library, affecting versions up to 1.3.6. CSRF vulnerabilities allow an attacker to trick an authenticated user into submitting unwanted actions on a web application in which they are currently authenticated. In this case, the vulnerability resides in the JavaScript library component of the Trust Payments Gateway plugin for WooCommerce, a popular e-commerce platform on WordPress. The vulnerability enables an attacker to craft malicious web requests that, when executed by a logged-in user, could perform unauthorized actions on their behalf without their consent or knowledge. The CVSS 3.1 base score is 4.3 (medium severity), with the vector indicating that the attack can be performed remotely (AV:N), requires no privileges (PR:N), but does require user interaction (UI:R). The impact is limited to integrity (I:L) with no confidentiality or availability impact. There are no known exploits in the wild at the time of publication, and no patches have been linked yet. The vulnerability is categorized under CWE-352, which specifically relates to CSRF issues. Since WooCommerce is widely used for online retail, this vulnerability could allow attackers to manipulate payment or transaction-related actions if users are tricked into visiting malicious sites while authenticated to affected WooCommerce stores using the Trust Payments Gateway plugin.

Potential Impact

For European organizations, especially e-commerce businesses using WooCommerce with the Trust Payments Gateway plugin, this vulnerability poses a risk of unauthorized transaction manipulation or other integrity violations. Although the vulnerability does not directly expose sensitive data or cause service disruption, attackers could potentially alter payment parameters or initiate fraudulent transactions by exploiting the CSRF flaw. This could lead to financial losses, reputational damage, and erosion of customer trust. Given the widespread adoption of WooCommerce in Europe, including small and medium enterprises, the threat could affect a broad range of online retailers. The requirement for user interaction means phishing or social engineering campaigns would likely be used to exploit this vulnerability, which aligns with common attack vectors targeting European consumers and businesses. Compliance with GDPR and other data protection regulations may also be impacted if unauthorized transactions lead to data misuse or breach of contractual obligations.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should immediately verify if they are using the Trust Payments Gateway for WooCommerce JavaScript library version 1.3.6 or earlier. They should monitor vendor communications for official patches or updates addressing CVE-2025-53569 and apply them promptly once available. In the interim, implementing anti-CSRF tokens in all state-changing requests within the WooCommerce environment can reduce risk. Web application firewalls (WAFs) with rules targeting CSRF attack patterns may provide temporary protection. Organizations should also educate users and staff about phishing risks and encourage cautious behavior regarding unsolicited links or websites. Additionally, reviewing and restricting the scope of JavaScript execution and ensuring secure cookie attributes (e.g., SameSite=strict) can help prevent CSRF exploitation. Regular security audits and penetration testing focused on CSRF vulnerabilities in payment workflows are recommended to identify and remediate similar issues proactively.
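The "anti-CSRF tokens on every state-changing request" recommendation above maps, in WordPress, to nonces. The following is an added illustration, not Trust Payments' code and not a description of how the affected plugin is built: a plugin admin-ajax handler without a nonce beside its hardened form. The action slug, option name, capability and script handle are assumptions for the example.

```php
<?php
// Added example, not Trust Payments' code: a WordPress admin-ajax handler that
// changes payment-gateway state, first without CSRF protection and then
// hardened with a WordPress nonce plus a capability check. The action slug,
// option name and script handle are assumptions for illustration.

// BEFORE: the handler trusts any request that names the action. Because the
// browser attaches the merchant's login cookies automatically, a page the
// merchant visits while logged in can submit this form on their behalf.
function example_gateway_update_vulnerable() {
    $mode = sanitize_text_field( wp_unslash( $_POST['mode'] ?? '' ) );
    update_option( 'example_gateway_mode', $mode ); // state change, unverified
    wp_send_json_success( array( 'mode' => $mode ) );
}
add_action( 'wp_ajax_example_gateway_update_vulnerable', 'example_gateway_update_vulnerable' );

// AFTER: the nonce is bound to the user's session and to this action, so a
// cross-site request cannot supply it; check_ajax_referer() reads it from
// $_POST['_wpnonce'] and stops with HTTP 403 when it is missing or invalid.
// The capability check is a separate authorisation control, not CSRF defence.
function example_gateway_update_hardened() {
    check_ajax_referer( 'example_gateway_update', '_wpnonce', true );
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_send_json_error( array( 'message' => 'insufficient privileges' ), 403 );
    }
    $mode = sanitize_text_field( wp_unslash( $_POST['mode'] ?? '' ) );
    if ( ! in_array( $mode, array( 'live', 'test' ), true ) ) {
        wp_send_json_error( array( 'message' => 'invalid mode' ), 400 );
    }
    update_option( 'example_gateway_mode', $mode );
    wp_send_json_success( array( 'mode' => $mode ) );
}
add_action( 'wp_ajax_example_gateway_update', 'example_gateway_update_hardened' );

// Issue the nonce to the plugin's own JavaScript so legitimate requests can
// send it as the _wpnonce POST field; the script file itself is not shown.
function example_gateway_enqueue_scripts() {
    wp_enqueue_script( 'example-gateway-admin', plugins_url( 'admin.js', __FILE__ ), array(), '1.0', true );
    wp_localize_script( 'example-gateway-admin', 'exampleGateway', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_gateway_update' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_gateway_enqueue_scripts' );
```

The nonce check is the primary control; the SameSite cookie attribute mentioned above is defence in depth, since under SameSite=Lax browsers still send cookies on top-level navigations and only Strict withholds them.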


Technical Details

Data Version: 5.1
Assigner Short Name: Patchstack
Date Reserved: 2025-07-03T14:51:06.793Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 686796cc6f40f0eb729fa5a1

Added to database: 7/4/2025, 8:54:36 AM

Last enriched: 7/14/2025, 9:30:08 PM

Last updated: 7/16/2025, 10:17:06 PM

