CVE-2025-1912

High CVSS: 7.6

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the validate_file() Function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Vendor

Webtoffee

Product

Product Import Export For Woocommerce

CWE

CWE-918

Yayın Tarihi

2025-03-26 12:15:15

Güncelleme

2025-07-09 16:49:31

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-918 Product Import Export For Woocommerce HIGH Webtoffee 2025

Referanslar

https://plugins.trac.wordpress.org/browser/product-import-export-for-woo/trunk/admin/modules/import/classes/class-import-ajax.php#L175 https://plugins.trac.wordpress.org/changeset/3261194/ https://wordpress.org/plugins/product-import-export-for-woo/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/406b52dc-3d36-4b03-a932-34f456395979?source=cve

Benzer Kayıtlar

Medium

CVE-2024-8286

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which co…

Medium

CVE-2024-8397

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers whe…

Medium

CVE-2025-1769

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Direct…

Low

CVE-2025-1911

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitr…

High

CVE-2025-1913

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Ob…

High

CVE-2025-1971

The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up…