CVE-2025-12375

Name of the Vulnerable Software and Affected Versions Printful Integration for WooCommerce versions up to and including 2.2.11

Description The Printful Integration for WooCommerce plugin for WordPress is susceptible to Server-Side Request Forgery via the advanced size chart REST API endpoint. Insufficient validation of user-supplied URLs before they are passed to the download url() function allows authenticated attackers with Contributor-level access or higher to make web requests to arbitrary locations originating from the web application. This can potentially be used to query and modify information from internal services.

Recommendations Update Printful Integration for WooCommerce to a version later than 2.2.11.