Platform
wordpress
Component
import-products-to-wc
Fixed in
1.2.8
CVE-2025-5817 is a Server-Side Request Forgery (SSRF) vulnerability discovered in the Amazon Products to WooCommerce plugin for WordPress. This flaw allows unauthenticated attackers to initiate web requests to arbitrary locations, potentially exposing sensitive internal resources. The vulnerability impacts versions 1.0.0 through 1.2.7, and a patch is available in version 1.2.8.
The SSRF vulnerability in Amazon Products to WooCommerce enables attackers to craft malicious requests that originate from the plugin itself. This can be exploited to query internal services that are not directly accessible from the outside world. An attacker could potentially retrieve sensitive data, modify configurations, or even trigger actions on internal systems. The blast radius extends to any internal resources accessible via HTTP or HTTPS from the WordPress server. This vulnerability is particularly concerning as it requires no authentication, making it easily exploitable by a wide range of attackers.
CVE-2025-5817 was publicly disclosed on 2025-07-02. No known public proof-of-concept exploits are currently available, but the SSRF nature of the vulnerability makes it likely that exploits will be developed. The EPSS score is currently pending evaluation, but the ease of exploitation suggests a potential for medium to high probability of exploitation. This vulnerability shares similarities with other SSRF vulnerabilities where attackers leverage plugins to bypass security controls.
WordPress websites utilizing the Amazon Products to WooCommerce plugin, particularly those with internal services accessible via HTTP or HTTPS, are at risk. Shared hosting environments are especially vulnerable as they often have limited control over plugin updates and configurations. Legacy WordPress installations running older versions of PHP or with outdated security practices are also at increased risk.
• wordpress / composer / npm:
grep -r 'wcta2w_get_urls()' /var/www/html/wp-content/plugins/amazon-products-to-woocommerce/*
• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/amazon-products-to-woocommerce/ | grep Server
• wordpress / composer / npm:
wp plugin list | grep 'amazon-products-to-woocommerce'
• wordpress / composer / npm:
wp plugin status | grep 'amazon-products-to-woocommerce'
Disclosure
Exploit status
EPSS
0.18% (40th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-5817 is to upgrade the Amazon Products to WooCommerce plugin to version 1.2.8 or later immediately. If upgrading is not immediately feasible, consider a Web Application Firewall (WAF) rule that blocks outbound requests from the web server to internal or otherwise suspicious IP addresses. Additionally, restrict network access from the WordPress server to only the ports and services it needs. Regularly review WordPress plugin configurations and disable any unnecessary plugins to reduce the attack surface.
Update the Amazon Products to WooCommerce plugin to version 1.2.8 or later to fix the Server-Side Request Forgery vulnerability. This update changes how web requests are processed and prevents unauthenticated attackers from sending malicious requests from the application.
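Because the advisory's fix is a version boundary (1.0.0 through 1.2.7 affected, 1.2.8 fixed), the check a defender wants after patching is whether every installed copy of the plugin is now at or above 1.2.8. The script below is an added example, not code from the advisory or from the plugin: it reads the standard `Version:` line of a WordPress plugin header file and classifies the file as vulnerable or patched. The header format is the usual WordPress plugin header, the file paths are hypothetical, and the sample headers are constructed inline. It generalizes slightly beyond the page by comparing version components numerically, so a hypothetical 1.2.10 is correctly treated as newer than 1.2.8 rather than "lower" as a plain string comparison would say.

```shell
#!/bin/sh
# Added example (not from the advisory or the plugin): classify an installed
# WordPress plugin as "vulnerable" or "patched" against the fixed version 1.2.8
# by reading the "Version:" line of the plugin's main PHP file.
# Assumptions: standard WordPress plugin header; all paths are hypothetical.

FIXED_VERSION="1.2.8"

# Print the version declared in a WordPress plugin header file (first match only).
plugin_version() {
    sed -n 's/^[[:space:]]*\**[[:space:]]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Exit 0 when dotted version $1 is numerically lower than $2 (so 1.2.10 > 1.2.8,
# unlike a plain string comparison). Missing components count as 0.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1
    }'
}

# Print "vulnerable", "patched" or "unknown" for one plugin header file.
check_plugin_file() {
    v=$(plugin_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# Write a constructed plugin header with version $2 to file $1 (sample data only).
write_sample_header() {
    printf '<?php\n/**\n * Plugin Name: Sample Plugin (constructed)\n * Version: %s\n */\n' "$2" > "$1"
}

# Stand-alone demo over constructed sample files in a temporary directory.
# On a real host, point check_plugin_file at the plugin's main .php file under
# wp-content/plugins/ instead.
demo() {
    dir=$(mktemp -d)
    write_sample_header "$dir/old.php" "1.2.7"
    write_sample_header "$dir/new.php" "1.2.8"
    write_sample_header "$dir/later.php" "1.2.10"
    for f in "$dir"/*.php; do
        printf '%s: %s (version %s)\n' "$(basename "$f")" "$(check_plugin_file "$f")" "$(plugin_version "$f")"
    done
    rm -rf "$dir"
}

demo
```

The `wp plugin list` commands above give the same answer faster when WP-CLI is installed; this script covers hosts without it, and the numeric comparison avoids the classic mistake of `sort`-ing or string-comparing version strings.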
CVE-2025-5817 is a Server-Side Request Forgery vulnerability affecting versions 1.0.0–1.2.7 of the Amazon Products to WooCommerce plugin, allowing attackers to make arbitrary web requests.
If you are using Amazon Products to WooCommerce version 1.0.0 through 1.2.7, you are affected by this vulnerability. Upgrade to 1.2.8 or later to mitigate the risk.
Upgrade the Amazon Products to WooCommerce plugin to version 1.2.8 or later. Consider implementing a WAF rule to block suspicious outbound requests as a temporary workaround.
While no public exploits are currently known, the SSRF nature of the vulnerability suggests a potential for exploitation. Monitor your systems for suspicious activity.
Refer to the official Amazon Products to WooCommerce plugin documentation and website for the latest security advisory and updates.