CVE-2025-27355

Summary

CVE-2025-27355 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Woocommerce – Loi Hamon plugin from version n/a through 1.1.0. An attacker can exploit this issue to carry out malicious actions on behalf of a user, including injecting Stored Cross-Site Scripting (XSS) attacks. The flaw occurs due to insufficient input validation, allowing untrusted data to be sent to the server. Successful exploitation could lead to serious security implications, including data theft or unauthorized modifications. It is highly recommended that users update to the latest version of the plugin to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.