Cross-Site Request Forgery in N-Media Bulk Product Sync Plugin
CVE-2025-31852

4.3MEDIUM

Key Information:

Vendor: N-media
Status: Bulk Product Sync
Vendor: CVE Published:; 1 April 2025

What is CVE-2025-31852?

The N-Media Bulk Product Sync plugin for WordPress exhibits a vulnerability allowing Cross-Site Request Forgery (CSRF) attacks. This issue could enable an attacker to perform unauthorized actions on behalf of legitimate users within the affected versions, specifically from n/a through 8.6. Website operators using this plugin should take immediate precautionary measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

Bulk Product Sync <= 8.6

References

https://patchstack.com/database/wordpress/plugin/sync-wc-...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2025
Vulnerability Reserved
Apr 1, 2025

Credit

Mika (Patchstack Alliance)

N-media

What is CVE-2025-31852?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit