Server-Side Request Forgery in WordPress & WooCommerce Scraper Plugin by Extendons
CVE-2025-62088

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: WordPress & WooCommerce Scraper Plugin, Import Data From Any Site
Vendor: CVE Published:; 31 December 2025

What is CVE-2025-62088?

A Server-Side Request Forgery (SSRF) vulnerability exists in the Extendons WordPress & WooCommerce Scraper Plugin. This vulnerability allows attackers to send crafted requests from the server, potentially exposing sensitive internal resources and leading to unauthorized actions on behalf of the system. Affected users should immediately review their installations, particularly versions from n/a through 1.0.7, to ensure their systems are protected from potential exploitation.

Affected Version(s)

WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7

References

https://vdp.patchstack.com/database/wordpress/plugin/wp_s...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 31, 2025
Vulnerability Reserved
Oct 7, 2025

Credit

Bonds | Patchstack Bug Bounty Program

JSON