CVE-2025-1912

Name of the Vulnerable Software and Affected Versions Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress versions up to, and including, 2.5.0

Description The issue allows authenticated attackers with Administrator-level access and above to make web requests to arbitrary locations originating from the web application. This can be used to query and modify information from internal services. The vulnerability is related to the validate file() function.

Recommendations For versions up to, and including, 2.5.0, consider disabling the validate file() function as a temporary workaround until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.