CVE-2025-5813
BaseFortify
Publication date: 2025-06-26
Last updated on: 2025-07-07
Assigner: Wordfence
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| suhailahmad64 | amazon_products_to_woocommerce | up to and including 1.2.7 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Amazon Products to WooCommerce plugin for WordPress is due to a missing capability check on the wcta2w_get_amazon_product_callback() function in all versions up to 1.2.7. This allows unauthenticated attackers to modify data without authorization, specifically enabling them to create new products in the WooCommerce store. Essentially, the plugin does not properly verify if the user has the right permissions before allowing product creation via this function. [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing unauthenticated attackers to add unauthorized products to your WooCommerce store. This could lead to data integrity issues, potential misuse of your store for fraudulent or malicious products, and damage to your store's reputation. Since the attacker does not need to be logged in, it increases the risk of exploitation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized calls to the vulnerable AJAX or REST API endpoints related to the Amazon Products to WooCommerce plugin, specifically calls to the wcta2w_get_amazon_product_callback() function or endpoints like 'wct-get-amazon-product/v1/keyword'. Network monitoring tools can be used to detect unexpected POST or GET requests to these endpoints from unauthenticated sources. Additionally, inspecting WordPress logs for creation of new products without proper authentication can help detect exploitation attempts. Commands to check for suspicious HTTP requests in web server logs include:

1. Use grep to find calls to the vulnerable endpoint: `grep 'wct-get-amazon-product' /var/log/apache2/access.log` or `grep 'wct-get-amazon-product' /var/log/nginx/access.log`
2. Use WP-CLI to list recently created products and identify unexpected product creations: `wp post list --post_type=product --orderby=date --order=desc --fields=ID,post_date,post_author`
3. Monitor active AJAX calls in WordPress by checking admin-ajax.php access logs for unusual activity.

These steps help detect exploitation attempts by identifying unauthorized access or product creation activities. [1]
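The grep commands above only match the literal REST path. The following script is an added example (it is not BaseFortify's content or the plugin's code) that walks access-log lines in the common Apache/nginx combined format and flags the same endpoint in more forms: the pretty `/wp-json/wct-get-amazon-product/...` route taken from this record, the `?rest_route=` query form WordPress accepts when permalinks are off (including percent-encoded routes), and `admin-ajax.php` requests whose `action` parameter is visible in the URL. The AJAX action prefix `wcta2w_` is an assumption derived from the callback name in the record, not a value the plugin is known to use, and the log lines are constructed samples. One caveat the page implies but does not state: an `action` sent in a POST body never reaches the access log, so body-based AJAX calls need application-level logging rather than this script.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/nginx "combined" log format: ip ident user [ts] "METHOD target PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

# REST namespace named in the CVE record.
REST_MARKER = "wct-get-amazon-product"
# ASSUMPTION: AJAX action names are guessed from the callback prefix; replace with the real action names.
AJAX_ACTION_PREFIX = "wcta2w_"


def classify(target):
    """Return (kind, detail) for one request target: ('rest', route), ('ajax', action) or (None, '')."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    query = parse_qs(parts.query)  # parse_qs already percent-decodes values
    # REST route in pretty-permalink form (/wp-json/...) ...
    if REST_MARKER in path:
        return "rest", path
    # ... or in the ?rest_route=/... form WordPress accepts without pretty permalinks.
    rest_route = query.get("rest_route", [""])[0]
    if REST_MARKER in rest_route:
        return "rest", rest_route
    # admin-ajax.php with the action in the query string (POST-body actions are not in access logs).
    if path.endswith("/admin-ajax.php"):
        action = query.get("action", [""])[0]
        if action.startswith(AJAX_ACTION_PREFIX):
            return "ajax", action
    return None, ""


def scan(lines):
    """Parse log lines and return one finding per request that touches the plugin's endpoints."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:  # unparseable line: skip rather than crash on rotated/garbled logs
            continue
        kind, detail = classify(m["target"])
        if kind:
            findings.append({
                "ip": m["ip"], "ts": m["ts"], "method": m["method"],
                "status": m["status"], "kind": kind, "detail": detail,
            })
    return findings


def summarize(findings):
    """Count findings per source IP so repeat callers stand out."""
    return Counter(f["ip"] for f in findings)


# Constructed sample log lines (not real traffic); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.10 - - [26/Jun/2025:10:01:02 +0000] "GET /wp-json/wct-get-amazon-product/v1/keyword?keyword=laptop HTTP/1.1" 200 1532 "-" "curl/8.0"
203.0.113.10 - - [26/Jun/2025:10:01:05 +0000] "GET /?rest_route=%2Fwct-get-amazon-product%2Fv1%2Fkeyword&keyword=phone HTTP/1.1" 200 1400 "-" "curl/8.0"
198.51.100.7 - - [26/Jun/2025:10:02:11 +0000] "POST /wp-admin/admin-ajax.php?action=wcta2w_get_amazon_product HTTP/1.1" 200 812 "-" "python-requests/2.31"
192.0.2.5 - - [26/Jun/2025:10:03:00 +0000] "GET /shop/ HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
192.0.2.5 - - [26/Jun/2025:10:03:01 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 100 "-" "Mozilla/5.0"
not a log line
"""

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG.splitlines())
    for h in hits:
        print(f'{h["ts"]} {h["ip"]} {h["method"]} {h["kind"]}: {h["detail"]}')
    print("per-IP counts:", dict(summarize(hits)))
```

Run it against a real log with `scan(open("/var/log/nginx/access.log").read().splitlines())`; any hit is worth correlating with the WP-CLI product listing above, since the access log alone cannot tell you whether the caller was authenticated.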
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:

1. Update the Amazon Products to WooCommerce plugin to a version later than 1.2.7 where the missing capability check is fixed.
2. If an update is not immediately available, restrict access to the vulnerable AJAX and REST API endpoints by implementing server-level access controls (e.g., IP whitelisting or authentication).
3. Disable or restrict the plugin's functionality temporarily if possible.
4. Monitor and audit product creation logs to detect and remove any unauthorized products created via exploitation.
5. Implement additional WordPress security measures such as enforcing strong administrator authentication and using security plugins to monitor suspicious activity.

These steps help prevent unauthorized data modification and product creation through the vulnerable function. [1]