WordPress URL Shortener WooCommerce Plugin Cross-Site Request Forgery Vulnerability

Vulnerability

A vulnerability in the URL Shortener WordPress plugin, specifically in versions through 9.0.2, allows for Cross-Site Request Forgery (CSRF) attacks. The plugin lacks CSRF protection in certain bulk action features, which could enable attackers to manipulate logged-in administrators into performing undesired actions, such as deleting customer accounts.

Impact

Exploitation of this vulnerability could lead to unauthorized actions being performed on behalf of logged-in administrators, potentially allowing for the deletion of customer accounts.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WordPress URL Shortener WooCommerce Plugin Cross-Site Request Forgery Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating