cleantalk
Vulnerabilities and Security Researches

Import Export For WooCommerce, CVE-2025-12389

CVE, Research URL

CVE-2025-12389

Home page URL

Security reports for Import Export For WooCommerce

Application

Import Export For WooCommerce

Published on
Nov 04, 2025
Research Description
The Import Export For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_setting() function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's record setting.
Affected versions
max 1.6.2.
Status
vulnerable
Previous vulnerability researches
Social proof testimonials and reviews by Repuso (CVE-2023-46196) , Jun 10, 2024
Social proof testimonials and reviews by Repuso (CVE-2025-62071) , Nov 11, 2025
Social proof testimonials and reviews by Repuso (CVE-2023-45048) , Jun 07, 2024
Social proof testimonials and reviews by Repuso (CVE-2024-13351) , Jan 16, 2025
Social proof testimonials and reviews by Repuso (CVE-2025-31886) , Apr 03, 2025
New vulnerability
Backup Bolt (CVE-2023-53597) , Nov 11, 2025
Backup Bolt (CVE-2025-10306) , Nov 11, 2025
Date counter (CVE-2025-62948) , Nov 11, 2025
WPComplete (CVE-2025-49906) , Nov 11, 2025
WP Google Map Plugin (CVE-2025-11365) , Nov 11, 2025