CVE-2025-1362

Name of the Vulnerable Software and Affected Versions The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin versions 9.0.2 and earlier

Description The issue concerns a lack of CSRF checks in some bulk actions of the plugin, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting customers via CSRF attacks.

Recommendations For versions 9.0.2 and earlier, update to a version that includes CSRF checks in all bulk actions to prevent unwanted actions by logged-in admins. As a temporary workaround, consider restricting access to bulk actions to minimize the risk of exploitation.