What the vulnerability does
01 Description
Cross-Site Request Forgery (CSRF) vulnerability in SOFTAGON WooCommerce Products without featured images (woocommerce-products-without-featured-images) allows Reflected XSS. This issue affects WooCommerce Products without featured images: from n/a through <= 0.1.
Explanation of Vulnerability in Simple Terms
02 Summary
A cross-site request forgery (CSRF) vulnerability in WooCommerce Products without featured images allows an attacker to perform unauthorized actions on behalf of a site visitor. The attacker must trick a logged-in user into visiting a malicious page. The vulnerability affects versions 0 through 0.1. A patch version has not been publicly identified.
What an attacker can do
03 Attacker Capabilities
Perform unauthorized actions on a site visitor's behalf, such as modifying product data or settings.
Potential impact on your site
04 Site Impact
Attackers can modify product listings or WooCommerce settings if they trick your users into visiting a malicious link.
Conditions required to exploit
05 Prerequisites
A logged-in WooCommerce user must visit an attacker-controlled page while authenticated to the site.
Key dates
06 Disclosure timeline
April 17, 2025: CVE published
April 29, 2026: Record updated