CSRF Vulnerability in WooCommerce WordPress Plugin by WPShortener
CVE-2025-1362

Currently unrated

Key Information:

Vendor: WordPress
Status: Url Shortener | Conversion Tracking | Ab Testing | WooCommerce
Vendor: CVE Published:; 9 March 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The WooCommerce WordPress plugin by WPShortener, up to version 9.0.2, lacks adequate CSRF checks in several bulk actions. This oversight may permit attackers to exploit the plugin, enabling logged-in administrators to be coerced into performing unwanted actions, such as inadvertently deleting customer records via malicious CSRF requests. It is crucial for users to be aware of this vulnerability and take necessary precautions to protect their web applications.

Affected Version(s)

URL Shortener | Conversion Tracking | AB Testing | WooCommerce 0 <= 9.0.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-1362 - Proof of Concept

References

https://wpscan.com/vulnerability/035cc502-a514-440f-8808-...

exploitvdb-entrytechnical-description

Timeline

🟡
Public PoC available
Mar 9, 2025
👾
Exploit known to exist
Mar 9, 2025
Vulnerability published
Mar 9, 2025
Vulnerability Reserved
Feb 16, 2025

Credit

Bob Matyas

WPScan