CVE-2025-32545 HIGH

CVE-2025-32545: WordPress WooCommerce Products without featured images Plugin <= 0.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

Vendor Softagon
Product WooCommerce Products without featured images
Weakness CWE-352 · CSRF
Published April 17, 2025
Last update April 29, 2026

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01 Description

Cross-Site Request Forgery (CSRF) vulnerability in SOFTAGON WooCommerce Products without featured images woocommerce-products-without-featured-images allows Reflected XSS. This issue affects WooCommerce Products without featured images: from n/a through <= 0.1.

Explanation of Vulnerability in Simple Terms

02 Summary

A cross-site request forgery (CSRF) vulnerability in WooCommerce Products without featured images allows an attacker to perform unauthorized actions on behalf of a site visitor. The attacker must trick a logged-in user into visiting a malicious page. The vulnerability affects versions 0 through 0.1. A patch version has not been publicly identified.

What an attacker can do

03 Attacker Capabilities

Perform unauthorized actions on a site visitor's behalf, such as modifying product data or settings.

Potential impact on your site

04 Site Impact

Attackers can modify product listings or WooCommerce settings if they trick your users into visiting a malicious link.

Conditions required to exploit

05 Prerequisites

A logged-in WooCommerce user must visit an attacker-controlled page while authenticated to the site.

Key dates

06 Disclosure timeline

April 17, 2025 CVE published
April 29, 2026 Record updated
