CVE-2025-47455 MEDIUM

CVE-2025-47455: WordPress Integration for WooCommerce and Salesforce plugin <= 1.7.5 - Open Redirection Vulnerability

Vendor: CRM Perks
Product: Integration for WooCommerce and Salesforce
Weakness: CWE-601 · Open redirect
Published: May 7, 2025
Last update: April 28, 2026

CVSS base score

4.7/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

What the vulnerability does

01 Description

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Salesforce (woo-salesforce-plugin-crm-perks) allows phishing. This issue affects Integration for WooCommerce and Salesforce: from n/a through <= 1.7.5.

Explanation of Vulnerability in Simple Terms

02 Summary

The Integration for WooCommerce and Salesforce plugin contains an open redirect vulnerability that allows an attacker to redirect users to an external website. The vulnerability requires user interaction—the victim must click a malicious link. The redirect can occur across different security contexts, potentially affecting user trust and enabling phishing attacks.

What an attacker can do

03 Attacker Capabilities

Redirect site visitors to an external website via a crafted link.

Potential impact on your site

04 Site Impact

Users may be redirected to phishing or malware sites, damaging trust and potentially exposing credentials.

Conditions required to exploit

05 Prerequisites

No authentication required. The victim must click a malicious link or visit a crafted URL.

Key dates

06 Disclosure timeline

May 7, 2025: CVE published
April 28, 2026: Record updated