CVE-2025-14165
CSRF in Kirim.Email WooCommerce Plugin Allows Settings Modification
Publication date: 2025-12-12
Last updated on: 2025-12-12
Assigner: Wordfence
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kirim | email_woocommerce_integration | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how the Cross-Site Request Forgery vulnerability in the Kirim.Email WooCommerce Integration plugin impacts compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the Kirim.Email WooCommerce Integration plugin versions up to 1.2.9, caused by missing nonce validation on the plugin's settings page. To detect exploitation attempts on your system, you can monitor HTTP requests targeting the plugin's settings page for unauthorized POST requests that modify API credentials or integration settings without proper nonce tokens. Since the plugin settings page is accessible to users with 'manage_woocommerce' capability, look for suspicious POST requests to URLs related to the plugin's admin page, especially those that change options like 'ke_wc_api_username' or 'ke_wc_api_token'. Example commands to detect such activity include using web server logs or network monitoring tools to filter POST requests to the plugin's admin URL. For example, using grep on Apache logs: `grep 'POST.*wp-admin/admin.php?page=kirimemail-woocommerce-integration' /var/log/apache2/access.log` or using tcpdump to capture HTTP traffic and filter for POST requests to the plugin's admin page. Additionally, checking for unexpected changes in WordPress options related to the plugin (e.g., via WP-CLI) can help detect if settings were modified: `wp option get ke_wc_api_username` and compare with known values. However, no specific detection commands are provided in the resources. [2, 3]
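The grep command above only finds POST requests to the settings page; it cannot tell a legitimate save from a forged one, because a CSRF request arrives from the administrator's own browser with valid cookies and the nonce (present or absent) is never written to an access log. The nearest signal the log does carry is the Referer: a form submitted from the plugin's own admin page carries the site's host, while a forged submission carries the lure page's host or no Referer at all. The following PHP script is an added triage example, not code from the advisory or from the plugin; it parses Apache combined-format lines, keeps POSTs to the page slug quoted in the answer above, and flags those whose Referer host differs from the site. The function names, the sample log lines and the heuristic itself are this example's own assumptions.

```php
<?php
// Added illustration, not from the advisory or the plugin. Reads Apache
// combined-format access log lines and flags POST requests to the plugin's
// settings page whose Referer is missing or belongs to another host.
// Heuristic only: a strict Referrer-Policy also blanks the header on
// legitimate submissions, so hits are leads for review, not proof.

const KEWC_SETTINGS_PAGE = 'page=kirimemail-woocommerce-integration'; // slug quoted in the advisory text

/**
 * Parse one Apache combined log line into its fields, or return null if it
 * does not match the combined format.
 */
function kewc_parse_log_line( string $line ): ?array {
    $pattern = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/';
    if ( ! preg_match( $pattern, $line, $m ) ) {
        return null;
    }
    return [
        'ip'      => $m[1],
        'time'    => $m[2],
        'method'  => $m[3],
        'path'    => $m[4],
        'status'  => (int) $m[5],
        'referer' => $m[6],
        'agent'   => $m[7],
    ];
}

/**
 * Return the entries that look like cross-site POSTs to the settings page:
 * method POST, path containing the settings slug, Referer host not $site_host.
 */
function kewc_flag_csrf_candidates( array $lines, string $site_host ): array {
    $flagged = [];
    foreach ( $lines as $line ) {
        $e = kewc_parse_log_line( $line );
        if ( $e === null || $e['method'] !== 'POST' ) {
            continue;
        }
        if ( strpos( $e['path'], KEWC_SETTINGS_PAGE ) === false ) {
            continue;
        }
        // Apache writes "-" when the browser sent no Referer header.
        $ref_host = ( $e['referer'] === '-' ) ? '' : (string) parse_url( $e['referer'], PHP_URL_HOST );
        if ( strcasecmp( $ref_host, $site_host ) !== 0 ) {
            $e['reason'] = ( $ref_host === '' ) ? 'no Referer' : "Referer host $ref_host";
            $flagged[]   = $e;
        }
    }
    return $flagged;
}

// Constructed sample lines (not real traffic): one legitimate save from the
// admin page, one submitted from an outside page, one with no Referer, one GET.
$sample = [
    '203.0.113.5 - - [12/Dec/2025:10:01:02 +0000] "POST /wp-admin/admin.php?page=kirimemail-woocommerce-integration HTTP/1.1" 302 0 "https://shop.example/wp-admin/admin.php?page=kirimemail-woocommerce-integration" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Dec/2025:10:07:44 +0000] "POST /wp-admin/admin.php?page=kirimemail-woocommerce-integration HTTP/1.1" 302 0 "https://lure.example/offer.html" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Dec/2025:10:09:10 +0000] "POST /wp-admin/admin.php?page=kirimemail-woocommerce-integration HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Dec/2025:10:10:00 +0000] "GET /wp-admin/admin.php?page=kirimemail-woocommerce-integration HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
];

foreach ( kewc_flag_csrf_candidates( $sample, 'shop.example' ) as $hit ) {
    printf( "%s %s %s (%s)\n", $hit['time'], $hit['ip'], $hit['path'], $hit['reason'] );
}
```

Run it with `php` against the constructed sample and the second and third lines are reported; the first is a same-site save and the fourth is a GET, so neither is flagged. Pair any hit with the WP-CLI check the answer above suggests (`wp option get ke_wc_api_username`) to confirm whether the stored credentials actually changed around that timestamp.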
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the Kirim.Email WooCommerce Integration plugin for WordPress, affecting all versions up to and including 1.2.9. It occurs because the plugin's settings page lacks nonce validation, allowing an attacker to trick a site administrator into performing actions like clicking a malicious link, which can then modify the plugin's API credentials and integration settings without proper authorization.
How can this vulnerability impact me?
An attacker exploiting this vulnerability can modify the plugin's API credentials and integration settings by tricking an administrator into executing a forged request. This could lead to unauthorized changes in how the plugin interacts with external services, potentially disrupting operations or exposing sensitive integration data.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the Kirim.Email WooCommerce Integration plugin to a version later than 1.2.9 where the nonce validation issue is fixed. Additionally, avoid clicking on suspicious links and ensure that only trusted administrators have access to the plugin's settings page to prevent unauthorized changes.
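The explanation and mitigation above both turn on one detail: a capability check such as `manage_woocommerce` only confirms who is logged in, and a forged cross-site POST is sent by that logged-in administrator's own browser, so it passes. A nonce is what proves the request originated from the plugin's own form. The following PHP is an added example, not the plugin's code and not the vendor's fix; the option names, the capability and the page slug are those quoted in the answers above, while the function names, the nonce action and field names, and the shape of the form handler are this example's own assumptions.

```php
<?php
// Added illustration, not the plugin's code or the vendor's patch. Option
// names and the capability are taken from the advisory text; everything
// else (function names, nonce action/field names) is assumed.

// BEFORE: the pattern the advisory describes. The capability check passes for
// any POST made by a logged-in administrator's browser, including one that a
// third-party page submitted on their behalf, so the credentials get rewritten.
function kewc_save_settings_vulnerable() {
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        return;
    }
    if ( isset( $_POST['ke_wc_api_username'], $_POST['ke_wc_api_token'] ) ) {
        // No nonce check: nothing here proves the request came from the plugin's own form.
        update_option( 'ke_wc_api_username', sanitize_text_field( wp_unslash( $_POST['ke_wc_api_username'] ) ) );
        update_option( 'ke_wc_api_token',    sanitize_text_field( wp_unslash( $_POST['ke_wc_api_token'] ) ) );
    }
}

// AFTER: the form carries a nonce bound to one action and to the current user,
// and the handler refuses to save unless that nonce verifies.
const KEWC_NONCE_ACTION = 'kewc_save_settings';  // assumed name
const KEWC_NONCE_FIELD  = 'kewc_settings_nonce'; // assumed name

function kewc_render_settings_form() {
    ?>
    <form method="post">
        <?php wp_nonce_field( KEWC_NONCE_ACTION, KEWC_NONCE_FIELD ); ?>
        <label>API username
            <input type="text" name="ke_wc_api_username"
                   value="<?php echo esc_attr( get_option( 'ke_wc_api_username', '' ) ); ?>">
        </label>
        <label>API token
            <input type="password" name="ke_wc_api_token" value="">
        </label>
        <?php submit_button( 'Save settings' ); ?>
    </form>
    <?php
}

function kewc_save_settings_fixed() {
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        return;
    }
    if ( ! isset( $_POST['ke_wc_api_username'], $_POST['ke_wc_api_token'] ) ) {
        return;
    }
    // check_admin_referer() verifies the nonce for KEWC_NONCE_ACTION and the
    // logged-in user and calls wp_die() if it is missing or invalid, so a
    // forged cross-site POST never reaches update_option(). An outside page
    // cannot read the nonce out of the admin form because of the same-origin
    // policy, which is what makes the token meaningful.
    check_admin_referer( KEWC_NONCE_ACTION, KEWC_NONCE_FIELD );

    update_option( 'ke_wc_api_username', sanitize_text_field( wp_unslash( $_POST['ke_wc_api_username'] ) ) );
    update_option( 'ke_wc_api_token',    sanitize_text_field( wp_unslash( $_POST['ke_wc_api_token'] ) ) );
}
```

`check_admin_referer()` is the right call for an admin form that should simply refuse bad requests; where the handler needs to fail gracefully instead of dying, `wp_verify_nonce( $_POST[KEWC_NONCE_FIELD], KEWC_NONCE_ACTION )` returns false and lets the code report an error. Either way the nonce check sits alongside the capability check, not in place of it: the capability answers who is acting, the nonce answers whether they meant to.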