12 matches found
CVE-2025-1288
The WOOEXIM WordPress plugin through 5.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make an unauthenticated user vulnerable to reflected XSS via a CSRF attack...
WordPress wooexim plugin <= 5.0.0 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WOOEXIM versions <= 5.0.0...
CVE-2025-1288
The WOOEXIM WordPress plugin through 5.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make an unauthenticated user vulnerable to reflected XSS via a CSRF attack...
CVE-2025-1288 wooexim <= 5.0.0 - CSRF to Reflected XSS
The WOOEXIM WordPress plugin through 5.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make an unauthenticated user vulnerable to reflected XSS via a CSRF attack...
CVE-2025-1288 wooexim <= 5.0.0 - CSRF to Reflected XSS
The WOOEXIM WordPress plugin through 5.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make an unauthenticated user vulnerable to reflected XSS via a CSRF attack...
CVE-2025-1288
The connected sources confirm a vulnerability in the WOOEXIM WordPress plugin (versions before 5.0.0) where CSRF is not consistently checked and inputs lack proper sanitisation and escaping. This can allow an unauthenticated attacker to trigger a reflected XSS via CSRF, potentially affecting page...
PT-2025-21561 · WordPress · Wooexim
Name of the Vulnerable Software and Affected Versions: WOOEXIM plugin for WordPress versions prior to 5.0.0 Description: The issue concerns the lack of CSRF verification and proper sanitization and escaping in certain areas of the plugin, which could allow attackers to exploit unauthenticated use...
CVE-2025-23944 WordPress WOOEXIM Plugin <= 5.0.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in bulktheme WOOEXIM wooexim allows Object Injection. This issue affects WOOEXIM: from n/a through <= 5.0.0...
CVE-2025-23944 WordPress WOOEXIM Plugin <= 5.0.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in bulktheme WOOEXIM wooexim allows Object Injection. This issue affects WOOEXIM: from n/a through <= 5.0.0...
WordPress WOOEXIM Plugin <= 5.0.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WOOEXIM versions <= 5.0.0...
CVE-2025-22533 WordPress WOOEXIM Plugin <= 5.0.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bulktheme WOOEXIM wooexim allows SQL Injection. This issue affects WOOEXIM: from n/a through <= 5.0.0...
CVE-2025-22533
CVE-2025-22533 is an SQL Injection in the WOOEXIM – WooCommerce Export Import Plugin for WordPress. The initial description identifies it as an Improper Neutralization of Special Elements used in an SQL Command vulnerability (SQL Injection) affecting WOOEXIM: from n/a through 5.0.0. The connected...