- Description
- The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting customers via CSRF attacks
- Source
- contact@wpscan.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 4.3
- Impact score
- 3.4
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
- Severity
- MEDIUM
- nvd@nist.gov
- CWE-352
- Hype score
- Not currently trending
🚨 CVE-2025-1362 ❓ 🏢 Unknown - URL Shortener | Conversion Tracking | AB Testing | WooCommerce 🏗️ 0 🔗 https://t.co/cVHUQjeiFv #CyberCron #VulnAlert #InfoSec https://t.co/NDZtGUqsBn
@cybercronai
10 Mar 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1362 The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not have CSRF checks in some bulk actions, which could allow at… https://t.co/HgwLMg0Q9u
@CVEnew
9 Mar 2025
802 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tahminajannat:url_shortener_\\|_conversion_tracking_\\|_ab_testing_\\|_woocommerce:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "07D9E8DB-7D1A-409D-B552-FF83BE10CE3D",
"versionEndIncluding": "9.0.2"
}
],
"operator": "OR"
}
]
}
]