Cross-Site Request Forgery Vulnerability in Import Export For WooCommerce by WordPress
CVE-2025-48144

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Import Export For WooCommerce
Vendor: CVE Published:; 16 May 2025

What is CVE-2025-48144?

A Cross-Site Request Forgery (CSRF) vulnerability in the Import Export For WooCommerce plugin can lead to stored Cross-Site Scripting (XSS) attacks. This allows malicious actors to exploit the vulnerability by sending unauthorized commands via user interactions, potentially compromising user data or performing unwanted actions on behalf of the user. It is essential for users of this plugin, especially versions prior to 1.6.2, to be aware of this risk and take necessary precautions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Import Export For WooCommerce <= 1.6.2

References

https://patchstack.com/database/wordpress/plugin/import-e...

vdb-entry

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 16, 2025
Vulnerability Reserved
May 15, 2025

Credit

Nguyen Thi Huyen Trang - Skalucy (Patchstack Alliance)

JSON

WordPress