HIGH Severity
CVE-2025-48144
Cross-Site Request Forgery (CSRF) vulnerability in sidngr Import Export For WooCommerce
Overview
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in sidngr Import Export For WooCommerce that could allow for Stored XSS.
Technical Details
The vulnerability affects Import Export For WooCommerce versions up to 1.6.2. The flaw is exploitable over the network with low complexity, but exploitation requires user interaction.
CVSS Metrics
- CVSS v3.1 Base Score: 7.1 (High)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
Impact
An attacker could trick a user into unknowingly performing an action in the web application, with potential consequences such as Stored XSS.
Recommendations
Regularly update and patch applications. In addition, implement strong CSRF protection measures in the application.
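As an added illustration (not the plugin's own code and not the vendor's fix), this is how a WordPress plugin handler for a state-changing request can combine a capability check, nonce verification and input/output escaping so that a forged request cannot store script content. The `myplugin_*` hook, option and field names are hypothetical.

```php
<?php
// Added example; all myplugin_* names are hypothetical and are not taken
// from Import Export For WooCommerce.

// Render the settings form with a nonce tied to the user, session and action.
function myplugin_render_settings_form() {
    $label = get_option( 'myplugin_export_label', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="myplugin_save_settings">
        <?php wp_nonce_field( 'myplugin_save_settings', 'myplugin_nonce' ); ?>
        <!-- Escape on output so a stored value is never parsed as markup. -->
        <input type="text" name="export_label" value="<?php echo esc_attr( $label ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Handle the state-changing POST request.
function myplugin_save_settings() {
    // 1. Authorisation: only users allowed to manage the shop may change settings.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die(
            esc_html__( 'Insufficient permissions.', 'myplugin' ),
            '',
            array( 'response' => 403 )
        );
    }

    // 2. CSRF: stops with a 403 unless the request carries a valid nonce
    //    for this action, which a cross-site page cannot obtain.
    check_admin_referer( 'myplugin_save_settings', 'myplugin_nonce' );

    // 3. Input handling: unslash, then strip tags before the value is stored.
    $label = isset( $_POST['export_label'] )
        ? sanitize_text_field( wp_unslash( $_POST['export_label'] ) )
        : '';
    update_option( 'myplugin_export_label', $label );

    wp_safe_redirect( admin_url( 'admin.php?page=myplugin&updated=1' ) );
    exit;
}
// Registered for logged-in users only; no admin_post_nopriv_ hook is added.
add_action( 'admin_post_myplugin_save_settings', 'myplugin_save_settings' );
```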
Threat Metrics
- "cvss_score": 7.1
- "severity": "HIGH"
- "attack_vector": "NETWORK"
- "attack_complexity": "LOW"