Search criteria
6 vulnerabilities found for amazon_products_to_woocommerce by suhailahmad64
FKIE_CVE-2025-5817
Vulnerability from fkie_nvd - Published: 2025-07-02 04:15 - Updated: 2025-07-16 15:53
Severity ?
Summary
The Amazon Products to WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.7 via the wcta2w_get_urls(). This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| suhailahmad64 | amazon_products_to_woocommerce | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suhailahmad64:amazon_products_to_woocommerce:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "0DC397EF-BDEE-420B-A9EB-044427283169",
"versionEndIncluding": "1.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Amazon Products to WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.7 via the wcta2w_get_urls(). This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
},
{
"lang": "es",
"value": "El complemento Amazon Products to WooCommerce para WordPress es vulnerable a Server-Side Request Forgery en todas las versiones hasta la 1.2.7 incluida, mediante wcta2w_get_urls(). Esto permite a atacantes no autenticados realizar solicitudes web a ubicaciones arbitrarias desde la aplicaci\u00f3n web y utilizarlas para consultar y modificar informaci\u00f3n de servicios internos."
}
],
"id": "CVE-2025-5817",
"lastModified": "2025-07-16T15:53:33.513",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7,
"source": "security@wordfence.com",
"type": "Secondary"
}
]
},
"published": "2025-07-02T04:15:58.783",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/import-products-to-wc/trunk/inc/urls-ajax.php#L28"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5055cf24-14c7-4533-8900-a5f4c1435201?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security@wordfence.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-5813
Vulnerability from fkie_nvd - Published: 2025-06-26 03:15 - Updated: 2025-07-07 16:04
Severity ?
Summary
The Amazon Products to WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcta2w_get_amazon_product_callback() function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to create new produces.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| suhailahmad64 | amazon_products_to_woocommerce | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suhailahmad64:amazon_products_to_woocommerce:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "0DC397EF-BDEE-420B-A9EB-044427283169",
"versionEndIncluding": "1.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Amazon Products to WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcta2w_get_amazon_product_callback() function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to create new produces."
},
{
"lang": "es",
"value": "El complemento Amazon Products to WooCommerce para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a la falta de una comprobaci\u00f3n de capacidad en la funci\u00f3n wcta2w_get_amazon_product_callback() en todas las versiones hasta la 1.2.7 incluida. Esto permite que atacantes no autenticados creen nuevos productos."
}
],
"id": "CVE-2025-5813",
"lastModified": "2025-07-07T16:04:42.837",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@wordfence.com",
"type": "Secondary"
}
]
},
"published": "2025-06-26T03:15:24.800",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/import-products-to-wc/trunk/inc/functions.php#L266"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a0906540-46fc-4f76-9265-cb87c6340fad?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security@wordfence.com",
"type": "Secondary"
}
]
}
CVE-2025-5817 (GCVE-0-2025-5817)
Vulnerability from cvelistv5 – Published: 2025-07-02 03:47 – Updated: 2025-07-02 13:18
VLAI?
Title
Amazon Products to WooCommerce <= 1.2.7 - Unauthenticated Server-Side Request Forgery
Summary
The Amazon Products to WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.7 via the wcta2w_get_urls(). This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Severity ?
7.2 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| suhailahmad64 | Amazon Products to WooCommerce |
Affected:
* , ≤ 1.2.7
(semver)
|
Credits
ch4r0n
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-02T13:00:36.007069Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T13:18:38.235Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Amazon Products to WooCommerce",
"vendor": "suhailahmad64",
"versions": [
{
"lessThanOrEqual": "1.2.7",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ch4r0n"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Amazon Products to WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.7 via the wcta2w_get_urls(). This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T03:47:24.666Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5055cf24-14c7-4533-8900-a5f4c1435201?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/import-products-to-wc/trunk/inc/urls-ajax.php#L28"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-01T14:56:35.000+00:00",
"value": "Disclosed"
}
],
"title": "Amazon Products to WooCommerce \u003c= 1.2.7 - Unauthenticated Server-Side Request Forgery"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-5817",
"datePublished": "2025-07-02T03:47:24.666Z",
"dateReserved": "2025-06-06T16:38:33.740Z",
"dateUpdated": "2025-07-02T13:18:38.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5813 (GCVE-0-2025-5813)
Vulnerability from cvelistv5 – Published: 2025-06-26 02:22 – Updated: 2025-06-26 13:22
VLAI?
Title
Amazon Products to WooCommerce <= 1.2.7 - Missing Authorization to Unauthenticated Arbitrary Product Creation
Summary
The Amazon Products to WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcta2w_get_amazon_product_callback() function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to create new produces.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| suhailahmad64 | Amazon Products to WooCommerce |
Affected:
* , ≤ 1.2.7
(semver)
|
Credits
ch4r0n
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-26T13:22:24.584436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T13:22:38.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Amazon Products to WooCommerce",
"vendor": "suhailahmad64",
"versions": [
{
"lessThanOrEqual": "1.2.7",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ch4r0n"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Amazon Products to WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcta2w_get_amazon_product_callback() function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to create new produces."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T02:22:22.986Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a0906540-46fc-4f76-9265-cb87c6340fad?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/import-products-to-wc/trunk/inc/functions.php#L266"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-25T14:07:55.000+00:00",
"value": "Disclosed"
}
],
"title": "Amazon Products to WooCommerce \u003c= 1.2.7 - Missing Authorization to Unauthenticated Arbitrary Product Creation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-5813",
"datePublished": "2025-06-26T02:22:22.986Z",
"dateReserved": "2025-06-06T16:06:46.182Z",
"dateUpdated": "2025-06-26T13:22:38.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5817 (GCVE-0-2025-5817)
Vulnerability from nvd – Published: 2025-07-02 03:47 – Updated: 2025-07-02 13:18
VLAI?
Title
Amazon Products to WooCommerce <= 1.2.7 - Unauthenticated Server-Side Request Forgery
Summary
The Amazon Products to WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.7 via the wcta2w_get_urls(). This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Severity ?
7.2 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| suhailahmad64 | Amazon Products to WooCommerce |
Affected:
* , ≤ 1.2.7
(semver)
|
Credits
ch4r0n
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-02T13:00:36.007069Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T13:18:38.235Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Amazon Products to WooCommerce",
"vendor": "suhailahmad64",
"versions": [
{
"lessThanOrEqual": "1.2.7",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ch4r0n"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Amazon Products to WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.7 via the wcta2w_get_urls(). This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T03:47:24.666Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5055cf24-14c7-4533-8900-a5f4c1435201?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/import-products-to-wc/trunk/inc/urls-ajax.php#L28"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-01T14:56:35.000+00:00",
"value": "Disclosed"
}
],
"title": "Amazon Products to WooCommerce \u003c= 1.2.7 - Unauthenticated Server-Side Request Forgery"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-5817",
"datePublished": "2025-07-02T03:47:24.666Z",
"dateReserved": "2025-06-06T16:38:33.740Z",
"dateUpdated": "2025-07-02T13:18:38.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5813 (GCVE-0-2025-5813)
Vulnerability from nvd – Published: 2025-06-26 02:22 – Updated: 2025-06-26 13:22
VLAI?
Title
Amazon Products to WooCommerce <= 1.2.7 - Missing Authorization to Unauthenticated Arbitrary Product Creation
Summary
The Amazon Products to WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcta2w_get_amazon_product_callback() function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to create new produces.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| suhailahmad64 | Amazon Products to WooCommerce |
Affected:
* , ≤ 1.2.7
(semver)
|
Credits
ch4r0n
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-26T13:22:24.584436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T13:22:38.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Amazon Products to WooCommerce",
"vendor": "suhailahmad64",
"versions": [
{
"lessThanOrEqual": "1.2.7",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ch4r0n"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Amazon Products to WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcta2w_get_amazon_product_callback() function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to create new produces."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T02:22:22.986Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a0906540-46fc-4f76-9265-cb87c6340fad?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/import-products-to-wc/trunk/inc/functions.php#L266"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-25T14:07:55.000+00:00",
"value": "Disclosed"
}
],
"title": "Amazon Products to WooCommerce \u003c= 1.2.7 - Missing Authorization to Unauthenticated Arbitrary Product Creation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-5813",
"datePublished": "2025-06-26T02:22:22.986Z",
"dateReserved": "2025-06-06T16:06:46.182Z",
"dateUpdated": "2025-06-26T13:22:38.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}