CVE-2025-5817 – Amazon Products to WooCommerce SSRF Vulnerability

July 2, 2025

CVE ID : CVE-2025-5817

Published : July 2, 2025, 4:15 a.m. | 5 hours, 26 minutes ago

Description : The Amazon Products to WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.7 via the wcta2w_get_urls(). This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6437 – WordPress Ads Pro Plugin SQL Injection Vulnerability

Next Article CVE-2025-5746 – WooCommerce Drag and Drop Multiple File Upload Arbitrary File Upload Vulnerability

Highlights

CVE-2025-49839 – GPT-SoVITS-WebUI Unvalidated Model Deserialization Vulnerability

July 16, 2025

CVE ID : CVE-2025-49839

Published : July 15, 2025, 9:15 p.m. | 5 hours, 38 minutes ago

Description : GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in bsroformer.py. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr function. In uvr, a new instance of Roformer_Loader class is created with the model_path attribute containing the aformentioned user input (here called locally model_name). Note that in this step the .ckpt extension is added to the path. In the Roformer_Loader class, the user input, here called model_path, is used to load the model on that path with torch.load, which can lead to unsafe deserialization. At time of publication, no known patched versions are available.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

DistroWatch Weekly, Issue 1135

14 secret phone codes that unlock hidden features on your Android and iPhone

Stop using AI for these 9 work tasks – here’s why

A smart sensor assessed my home’s risk of electrical fires, and I was impressed

Air Quality Prediction System using Python ML

Air Quality Prediction System using Python ML

AI’s Hidden Thirst: The Water Behind Tech

Minesweeper game in 100 lines of pure JavaScript – easy tutorial

DistroWatch Weekly, Issue 1135

DistroWatch Weekly, Issue 1135

Ubuntu’s New “Dangerous” Daily Builds – What Are They?

gofmt – formats Go programs

CVE-2025-5817 – Amazon Products to WooCommerce SSRF Vulnerability

CVE-2025-9090 – Tenda Telnet Service Command Injection

CVE-2025-9091 – Tenda AC20 Hard-Coded Credentials Vulnerability

AMD’s top Ryzen CPUs have never been cheaper — Up to 35% off at Amazon Gaming Week

I’ve seen enough premium gaming handhelds — ASUS, Lenovo, and more could learn from AYANEO’s new budget-friendly line

I tested Acer’s $349 smart monitor, and it’s a tariff-smart option I can get behind

CVE-2025-1278 – GitLab IP Access Bypass Vulnerability

CVE-2025-49839 – GPT-SoVITS-WebUI Unvalidated Model Deserialization Vulnerability

Hunting Fileless Malware

CVE-2025-7505 – Tenda FH451 HTTP POST Request Handler Stack-Based Buffer Overflow Vulnerability

Russian-Linked Hackers Are Exploiting a WinRAR Flaw — Here’s How to Stay Safe

CVE-2025-5817 – Amazon Products to WooCommerce SSRF Vulnerability

Related Posts