Vulnerability Database

309,136

Total vulnerabilities in the database

CVE-2025-5813

The Amazon Products to WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcta2w_get_amazon_product_callback() function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to create new produces.

Published: Jun 26, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-5813
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
suhailahmad64 / amazon_products_to_woocommerce	-	1.2.7.x

https://plugins.trac.wordpress.org/browser/import-products-to-wc/trunk/inc/functions.php#L266
https://www.wordfence.com/threat-intel/vulnerabilities/id/a0906540-46fc-4f76-9265-cb87c6340fad?source=cve

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo