What the vulnerability does
01 Description
Cross-Site Request Forgery (CSRF) vulnerability in sidngr Import Export For WooCommerce (import-export-for-woocommerce) allows Stored XSS. This issue affects Import Export For WooCommerce: from n/a through <= 1.6.2.
Explanation of Vulnerability in Simple Terms
02 Summary
Import Export For WooCommerce versions up to 1.6.2 contain a cross-site request forgery (CSRF) vulnerability. An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unwanted actions on the site without their knowledge. The vulnerability affects import and export functionality and requires the victim to visit a malicious link.
What an attacker can do
03 Attacker Capabilities
Perform unwanted import or export actions on behalf of a logged-in administrator without their consent.
Potential impact on your site
04 Site Impact
An attacker could trigger unintended data imports, exports, or modifications to WooCommerce settings via a tricked admin.
Conditions required to exploit
05 Prerequisites
Administrator must visit a malicious webpage while logged into WordPress.
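The request described above rides on the administrator's existing session, so the server-side fix is to require a per-user nonce and a capability check on the state-changing handler, and to sanitise what gets stored. The following is an added example, not code from Import Export For WooCommerce; the action name, nonce field, form field, option key and redirect page are hypothetical.

```php
<?php
// Added example: hypothetical plugin code, not taken from Import Export For WooCommerce.
// The action, nonce, field and option names below are assumptions for illustration.
const DEMO_ACTION = 'demo_import_settings'; // hypothetical admin-post action
const DEMO_NONCE  = 'demo_import_nonce';    // hypothetical nonce field name
const DEMO_OPTION = 'demo_import_label';    // hypothetical stored value

// Render the form. The nonce binds the request to this user, session and action.
function demo_render_import_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="' . esc_attr( DEMO_ACTION ) . '">';
    wp_nonce_field( DEMO_ACTION, DEMO_NONCE );
    // Escape on output so a previously stored value cannot break out of the attribute.
    echo '<input type="text" name="label" value="' . esc_attr( get_option( DEMO_OPTION, '' ) ) . '">';
    submit_button( 'Import' );
    echo '</form>';
}

// admin_post_* fires for any logged-in user, which is exactly the session a
// forged cross-site request relies on, so the hook alone is not a defence.
add_action( 'admin_post_' . DEMO_ACTION, 'demo_handle_import' );

function demo_handle_import() {
    // 1. Authorisation: the caller must be allowed to manage the shop.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. CSRF: a page on another origin cannot read or guess the nonce.
    //    check_admin_referer() stops the request when it is missing or invalid.
    check_admin_referer( DEMO_ACTION, DEMO_NONCE );

    // 3. Stored XSS: sanitise before storing, even when the role is trusted.
    $label = isset( $_POST['label'] )
        ? sanitize_text_field( wp_unslash( $_POST['label'] ) )
        : '';
    update_option( DEMO_OPTION, $label );

    wp_safe_redirect( admin_url( 'admin.php?page=demo-import&updated=1' ) );
    exit;
}
```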
Key dates
06 Disclosure timeline
May 16, 2025: CVE published
April 28, 2026: Record updated