PT-2025-10433 · WordPress · The Url Shortener | Conversion Tracking | Ab Testing | Woocommerce

Bob Matyas

Published

2025-03-09

Updated

2025-03-11

CVE-2025-1362

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin versions 9.0.2 and earlier

Description The issue concerns a lack of CSRF checks in some bulk actions of the plugin, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting customers via CSRF attacks.

Recommendations For versions 9.0.2 and earlier, update to a version that includes CSRF checks in all bulk actions to prevent unwanted actions by logged-in admins. As a temporary workaround, consider restricting access to bulk actions to minimize the risk of exploitation.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2025-1362

Affected Products

The Url Shortener | Conversion Tracking | Ab Testing | Woocommerce

PT-2025-10433 · WordPress · The Url Shortener | Conversion Tracking | Ab Testing | Woocommerce

CVE-2025-1362

Weakness Enumeration

Related Identifiers

Affected Products

References · 9