PT-2025-27593 · WordPress · Amazon Products To Woocommerce

Ch4R0N

Published

2025-07-02

Updated

2025-07-07

CVE-2025-5817

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Amazon Products to WooCommerce plugin for WordPress versions prior to 1.2.8

Description: The issue allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application. This can be used to query and modify information from internal services. The vulnerability is related to the wcta2w get urls() function.

Recommendations: For versions up to and including 1.2.7, consider disabling the wcta2w get urls() function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2025-5817

Affected Products

Amazon Products To Woocommerce

PT-2025-27593 · WordPress · Amazon Products To Woocommerce

CVE-2025-5817

Weakness Enumeration

Related Identifiers

Affected Products

References · 6