cleantalk
Vulnerabilities and Security Researches

Import Export For WooCommerce, CVE-2025-12389

CVE, Research URL

CVE-2025-12389

Home page URL

Security reports for Import Export For WooCommerce

Application

Import Export For WooCommerce

Published on
Nov 04, 2025
Research Description
The Import Export For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_setting() function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's record setting.
Affected versions
max 1.6.2.
Status
vulnerable
Previous vulnerability researches
Outdoor (CVE-2023-29236) , Jun 10, 2024
Outdoor (CVE-2025-10743) , Nov 11, 2025
Outdooractive Embed (CVE-2024-11774) , Dec 21, 2024
New vulnerability
Backup Bolt (CVE-2023-53597) , Nov 11, 2025
Backup Bolt (CVE-2025-10306) , Nov 11, 2025
Date counter (CVE-2025-62948) , Nov 11, 2025
WPComplete (CVE-2025-49906) , Nov 11, 2025
WP Google Map Plugin (CVE-2025-11365) , Nov 11, 2025