Cross-Site Request Forgery Vulnerability in Import Export For WooCommerce by WordPress
CVE-2025-48144

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Import Export For WooCommerce
Vendor: CVE Published:; 16 May 2025

What is CVE-2025-48144?

A Cross-Site Request Forgery (CSRF) vulnerability in the Import Export For WooCommerce plugin can lead to stored Cross-Site Scripting (XSS) attacks. This allows malicious actors to exploit the vulnerability by sending unauthorized commands via user interactions, potentially compromising user data or performing unwanted actions on behalf of the user. It is essential for users of this plugin, especially versions prior to 1.6.2, to be aware of this risk and take necessary precautions.

Affected Version(s)

Import Export For WooCommerce <= 1.6.2

References

https://patchstack.com/database/wordpress/plugin/import-e...

vdb-entry

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 16, 2025
Vulnerability Reserved
May 15, 2025

Credit

Nguyen Thi Huyen Trang - Skalucy (Patchstack Alliance)