CVE-2025-1362

MEDIUM

URL Shortener | Conversion Tracking | AB Testing | WooCommerce < 9.0.2 - Cross-Site Request Forgery in Bulk Actions

Title source: llm
STIX 2.1

Description

The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting customers via CSRF attacks

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/035cc502-a514-440f-8808-5655c8c915e2/

Scores

CVSS v3 4.3
EPSS 0.0016
EPSS Percentile 5.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-352
Status published
Products (1)
tahminajannat/url_shortener_\|_conversion_tracking_\|_ab_testing_\|_woocommerce < 9.0.2
Published Mar 09, 2025
Tracked Since Feb 18, 2026