Unrated severity · NVD Advisory · Published Mar 26, 2025 · Updated Apr 8, 2026
Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function
CVE-2025-1912
Description
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the validate_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information from internal services.
Affected products
- Range: <=2.5.0
- webtoffee/Product Import Export for WooCommerce – Import Export Product CSV Suite, v5, Range: 0
Patches
No patches discovered yet.
References
- plugins.trac.wordpress.org/browser/product-import-export-for-woo/trunk/admin/modules/import/classes/class-import-ajax.php (mitre)
- plugins.trac.wordpress.org/changeset/3261194/ (mitre)
- wordpress.org/plugins/product-import-export-for-woo/ (mitre)
- www.wordfence.com/threat-intel/vulnerabilities/id/406b52dc-3d36-4b03-a932-34f456395979 (mitre)