PT-2026-20581 · WordPress+1 · Printful Integration For Woocommerce+1
Adrian Lukita
·
Published
2026-02-19
·
Updated
2026-02-23
·
CVE-2025-12375
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Printful Integration for WooCommerce versions up to and including 2.2.11
Description
The Printful Integration for WooCommerce plugin for WordPress is susceptible to Server-Side Request Forgery via the advanced size chart REST API endpoint. Insufficient validation of user-supplied URLs before they are passed to the
download url() function allows authenticated attackers with Contributor-level access or higher to make web requests to arbitrary locations originating from the web application. This can potentially be used to query and modify information from internal services.Recommendations
Update Printful Integration for WooCommerce to a version later than 2.2.11.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Printful Integration For Woocommerce
Woocommerce