Cross-Site Request Forgery in Woocommerce – Loi Hamon by Nicolas GRILLET
CVE-2025-27355

7.1HIGH

Key Information:

Vendor: Nicolas Grillet
Status: WooCommerce – Loi Hamon
Vendor: CVE Published:; 24 February 2025

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Woocommerce – Loi Hamon plugin developed by Nicolas GRILLET, which can be exploited to perform unintended actions on behalf of authenticated users. This flaw potentially opens the door for attackers to store malicious scripts, leading to Stored Cross-Site Scripting (XSS) attacks. Affected versions include all prior to 1.1.0, making it crucial for users to update to the latest version to mitigate risks.

Affected Version(s)

Woocommerce – Loi Hamon <= 1.1.0

References

https://patchstack.com/database/wordpress/plugin/loi-hamo...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 24, 2025
Vulnerability Reserved
Feb 21, 2025

Credit

0xd4rk5id3 (Patchstack Alliance)