Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Dotstore Extra Fees Plugin for WooCommerce: Unapproved Changes Possible
CVE-2026-39671
Summary
A security issue in the Dotstore Extra Fees Plugin for WooCommerce means someone with the right know-how could trick a user into making unintended changes to their store's settings. This affects versions of the plugin before 4.3.4. To fix the issue, update the plugin to the latest version.
Original title
Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fe...
Original description
Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees Plugin for WooCommerce: from n/a through <= 4.3.3.
Vulnerability type
CWE-352
Cross-Site Request Forgery (CSRF)
Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026